Apple moves swiftly to fix iPhone security flaws

03 August 2009

A potentially serious iPhone security flaw identified by researchers at the Black Hat security briefings in Las Vegas last week has been quickly patched by Apple Computer.

Over the weekend, Apple posted details of a patch for iPhone to its website, and the downloads were flagged on O2, Apple's iPhone partner in the UK, Infosecurity notes.

The security flaw could potentially allow a remote hacker to gain access to the iPhone by generating rogue or malformed text messages.

The patch was posted overnight Friday on Apple's iTunes web portal, Infosecurity understands.

At the Black Hat briefings last Thursday, the researchers - Charlie Miller and Collin Mulliner - revealed how generating large numbers of malformed text messages to an iPhone could, under certain conditions, give a remote hacker access to the iPhone.

The researchers also said they expected the security flaw to be exploited within a few weeks by hackers in the wild.

"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what", said Mulliner.

But the story does not end there: unconfirmed reports suggest that other mobile phones, notably the Google Android, may be subject to the same multiple-text-message modus operandi.

This suggests some form of buffer overflow is involved, Infosecurity notes, since the Android smartphone is based on a different operating system to the iPhone.
