Site icon Liquidmatrix Security Digest

Apple Patching Critical iPhone SMS Vuln

A few days ago the news came out that Apple is working to fix a new problem with the iPhone SMS that will permit code to be passed rather than simply text messages.

From Ars Technica:

Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone’s SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. Miller hasn’t yet detailed the flaw, citing an agreement with Apple, though he and partner Vincenzo Iozzo plan to detail their discovery later this month at the Black Hat Security Conference in Las Vegas.

During a presentation at the SyScan security conference in Singapore, Miller explained that a vulnerability in the iPhone’s handling of SMS messages makes it possible to send code instead of strictly text.

“(W)hen it executes the code it does so with root privileges”. As root? Um, whoops.

I am really looking forward to this preso at Black Hat.

Article Link

Exit mobile version