Apple moves swiftly to fix iPhone security flaws

03 August 2009

A potentially serious iPhone security flaw identified by researchers at the Black Hat security briefings in Las Vegas last week has been quickly patched by Apple Computer.

Over the weekend, Apple posted details of a patch for iPhone to its website, and the downloads were flagged on O2, Apple's iPhone partner in the UK, Infosecurity notes.

The security flaw could potentially allow a remote hacker to gain access to the iPhone by generating rogue or malformed text messages.

The patch was posted overnight Friday on Apple's iTunes web portal, Infosecurity understands.

At the Black Hat briefings last Thursday, the researchers - Charlie Miller and Collin Mulliner - revealed how generating large numbers of malformed text messages to an iPhone could, under certain conditions, give a remote hacker access to the iPhone.

The researchers also said they expected the security flaw to be exploited within a few weeks by hackers in the wild.

"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what", said Mulliner.

But the story does not end there, as unconfirmed reports suggest that other mobile phones, notably the Google Android, may be subject to the same multiple text message modus operandi.

This suggests some form of buffer overflow is involved, Infosecurity notes, since the Android smartphone is based on a different operating system to the iPhone.

 
