A major vulnerability in how the iPhone handles SMS has been found by security researcher Charlie Miller. During a presentation at the SyScan conference in Singapore, Miller announced the vunerability and warned of its capabilities.
“The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator’s network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet.”
According to HotHardware, Miller has made an arrangement with Apple giving them until the Black Hat USA expo in Las Vegas to fix the issue. Apple says they will have a fix ready “later this month.”
Loading ...
July 4th, 2009 at 8:57 am
It would look a little more professional if the words on your website were spelled correctly. It’s “Vulnerablility” not “vunerability”. This is not the first time that I’ve seen misspellings on the iPhone User Guide website, just the first time I’ve brought it to your attention. Other than an occaisional misspelling, I think your website is great and very informative.
Sincerely,
Mark Field
July 6th, 2009 at 1:47 am
Mark Field’s correction of the misspelling of “vulnerability” was factual but unnecessary. Anyone could plainly see by the correct spelling of the word, both before and after, that the error would have been purely typographical, not due to ignorance. While probably not intended to be, Mark’s comment on the website’s “occaisional” misspelling appeared gratuitous.