Government // Mobile & Wireless
News
7/31/2009
04:00 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Fixes iPhone SMS Vulnerability

Moving to close a hole revealed at the Black Hat security conference on Thursday, Apple has released iPhone OS 3.0.1.

Apple on Friday patched a vulnerability in its iPhone that offered cybercriminals a way to steal data or hijack the device using a specially-crafted SMS message.

The company released iPhone OS 3.0.1 specifically to address the vulnerability, which was disclosed at the Black Hat security conference in Las Vegas on Thursday.

The update can be downloaded through iTunes.

As per responsible disclosure practices, Charlie Miller and Collin Mulliner, the security researchers who found the flaw, notified Apple of the problem in advance so the company would have time to prepare a patch.

The pair also identified a vulnerability affecting Android phones. Google said that it fixed the issue prior to the Black Hat presentation.

A poll of 94 security professionals at the Black Hat conference, conducted by security vendor nCircle, has found that more than half of respondents (56%) believe that Apple's iPhone will be the mobile phone that is most vulnerable to attack for the remainder of 2009.

For other phone platforms, speculation about future vulnerability broke down as follows: Android (14%), Blackberry (8%), Nokia OS (5%), Other (15%).

"Unfortunately, it looks like the security problems with iPhone will continue to grow until Apple makes security a higher priority," said Andrew Storms, director of information technology at nCircle, in a statement. "If there is a silver lining for iPhone users, it's that all of the security research attention it is getting could eventually turn the iPhone into one of the most secure mobile platforms."

In a statement issued to The Wall Street Journal, Apple downplayed the danger of the SMS vulnerability by noting that no one had actually lost any personal information through the exploitation of the vulnerability.

That's not entirely surprising given that the vulnerability has only been publicly known for a day, but it does underscore the fact that active exploitation of mobile phone vulnerabilities is currently a far less significant risk than that posed by PC-based malware.

Registration is now open for the leading enterprise communications event, VoiceCon. It happens in San Francisco, Nov. 2-5. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.