Apple has released an update for the iPhone OS that fixes an SMS security vulnerability. The update, iPhone OS 3.0.1, is available via iTunes or by checking for updates.
The SMS vulnerability, which would allow a text message to wreak havoc on the iPhone OS, was discovered by Charlie Miller and Collin Mulliner at the Black Hat Conference last week.
“Less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” Apple spokesperson Neumayr told Ars Technica. “Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.”
Here’s how Apple describes the fix:
Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.