As reported initially here, and again here, researchers Charlie Miller and Collin Mulliner demonstrated, at this week’s Black Hat security conference in Las Vegas, how hackers can take over iPhones by sending them specially-crafted SMSs. Apple has issued a security update for the iPhone to patch this vulnerability. As Apple explains:
Impact: Receiving a maliciously crafted SMS message may lead to an
unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS
messages. Receiving a maliciously crafted SMS message may lead to an
unexpected service interruption or arbitrary code execution. This
update addresses the issue through improved error handling.
We wonder why Apple waited until after the researchers’ presentation to issue the update. Was it because the researchers negotiated the release, so their presentation would not – after the update – effectively be useless?
This update is available only through iTunes. More information is available here.
More info: Forbes discusses Apple’s way of approaching this bug and updating the iPhone software.