Asavin Wattanajantra's Blog

Apple iPhone vulnerability ‘as bad as it gets’

By Asavin Wattanajantra in Editorial

Posted in Charlie Miller, hack, iPhone, Apple on July 3, 2009 at 2:56 pm


Charlie Miller, well known in the security world for hacking Apple’s Safari browser in seconds, has found a new vulnerability in the iPhone that security vendor F-Secure has described as “bad as it gets”.

According to the original article, the vulnerability appears to allow unsigned code to run, which circumvents a core part of the iPhone’s security model. Usually the iPhone can only run signed code, such as apps approved by Apple.

Miller said the attack doesn’t even need user interaction, and exploits a weakness in the way the iPhone handles SMS text messages. He wouldn’t provide more details of the problem, and it looks like Apple are trying to hurry out a patch for the vulnerability.

He also claimed that the malicious code could have been used to monitor the location of the phone using GPS, turn on the phone’s microphone to listen to conversations, or even make it join a botnet or denial of service attack.

It isn’t the first time that Miller has found weaknesses in Apple products. As well as the Safari hack, in April Miller found a different weakness in the previous version of the iPhone.

However, he says that the iPhone OS is more secure than the full Mac OS X because it removes applications and features such as support for Adobe Flash and Java, which PC users have learned are a serious weak point on Windows.

However, as the Register also reports, an SMS attack is very crafty, and something very difficult for iPhone users to protect against.

Charlie Miller will reveal more at the Black Hat conference later this month.
