Asavin Wattanajantra's Blog

Apple iPhone vulnerability ‘as bad as it gets’

By Asavin Wattanajantra in Editorial

Posted in Charlie Miller, hack, iPhone, Apple on July 3, 2009 at 2:56 pm

Charlie Miller, well known in the security world for hacking Apple’s Safari browser in seconds, has found a new vulnerability in the iPhone that security vendor F-Secure has described as “bad as it gets”.

According to the original article, the vulnerability appears to allow unsigned code to run, which circumvents a core part of the iPhone’s security model. Usually the iPhone is only able to run signed code, such as apps approved by Apple.

Miller said it doesn’t even need user interaction, and exploits a weakness in the way the iPhone handles SMS text messages. He wouldn’t provide more details of the problem, and it looks like Apple is trying to hurry out a patch to fix the flaw.

He also claimed that the malicious code could have been used to monitor the location of the phone using GPS, turn on the phone’s microphone to listen to conversations, or even make it join a botnet or denial of service attack.

It isn’t the first time that Miller has found weaknesses in Apple products. As well as the Safari hack, in April Miller found a different weakness in the previous version of the iPhone.

However, he says that the iPhone OS is more secure than the full Mac OS X as it removes applications and features like support for Adobe Flash and Java, which PC users have learned is a serious weak point on Windows.

However, as the Register also reports, an SMS attack is very crafty, and something very difficult for iPhone users to protect against.

Charlie Miller will reveal more at the Black Hat conference later this month.
