Asavin Wattanajantra's Blog

Apple iPhone vulnerability ‘as bad as it gets’

By Asavin Wattanajantra in Editorial

Posted in Charlie Miller, hack, iPhone, Apple on July 3, 2009 at 2:56 pm

Charlie Miller, well known in the security world for hacking Apple’s Safari browser in seconds, has found a new vulnerability in the iPhone that security vendor F-Secure has described as “bad as it gets”.

According to the original article, the vulnerability appears to allow unsigned code to run, which circumvents a core part of the iPhone’s security model. Normally the iPhone can run only signed code, such as apps approved by Apple.

Miller said the attack doesn’t even need user interaction, and exploits a weakness in the way the iPhone handles SMS text messages. He wouldn’t provide more details of the problem, and it looks like Apple are trying to hurry out a patch for the flaw.

He also claimed that the malicious code could have been used to monitor the location of the phone using GPS, turn on the phone’s microphone to listen to conversations, or even make it join a botnet or denial of service attack.

It isn’t the first time that Miller has found weaknesses in Apple products. As well as the Safari hack, in April Miller found a different weakness in the previous version of the iPhone.

However, he says that the iPhone OS is more secure than the full Mac OS X as it removes applications and features like support for Adobe Flash and Java, which PC users have learned is a serious weak point on Windows.

However, as the Register also reports, an SMS attack is very crafty, and something very difficult for iPhone users to protect against.

Charlie Miller will reveal more at the Black Hat conference later this month.
