Well, that didn’t take long. And no, I’m not surprised.
The game is on for hackers trying to spot security vulnerabilities in Apple’s iPhone and already they’re scoring points.
Less than 72 hours after the iPhone’s introduction, researchers have reported at least one flaw that could allow an attacker some level of control over the device, while other hackers have uncovered passwords hiding in Apple software that could prove key in gaining root access, they said.
The most serious flaw, reported by Errata Security, resides in the iPhone’s Safari browser. By effecting a buffer overflow in the application, an attacker can take control of the browser and run code on the device, said Robert Graham, CEO of Errata.
“The scenario that seems most attractive is to have the phone dial 900 numbers,” Graham said, noting an age-old attack that allows criminals with ties to fee-based phone services to profit each time an infected computer dial the number.
It’s one of the same Safari flaws Errata researchers documented earlier this month, just hours after Apple released a beta version of the app for Windows users. Apple moved quickly to fix several, but not all, of the bugs.
Errata also reported a bug that resides in the iPhone’s Bluetooth features. By exposing them to a fuzzer, it seems, it’s easy to make the entire device lock up in a very predictable manner.
[tags]iPhone Hacker, iPhone Vulnerabilities, Apple iPhone[/tags]
Comments