Threat Center Security News Apple releases patch for iPhone flaw
Apple releases patch for iPhone flaw Print E-mail
Written by Rebecca Mints   
Sunday, 09 August 2009 09:42

A vulnerability in iPhone software that was revealed in last week's Black Hat Security Conference has now been patched, according to consumer giant Apple.

An update is now available on the Apple website which aims to fix a critical iPhone flaw that attackers could exploit to crash the iPhone software.

In Apple's latest advisory, users are warned of "receiving a maliciously crafted SMS message [that] may lead to an expected service interruption or arbitrary code execution.

This means that a text message crafted by an attacker and sent to the iPhone can allow the attacker to execute code remotely.

While asking users to be wary of suspicious text messages, Apple assures them that "the update addresses the issue through improved error handling."

Two security experts, Charlie Miller and Colin Mulliner, presented the details of the iPhone flaw last week in Las Vegas during the Black Hat Security Conference.

According to Miller and Mulliner,"The memory-overflow issue could allow a minor crash or remote exploitation by sending a malicious text message to the iPhone over the short message service (SMS) available on all phones."

They also said that Apple had been informed of the flaw weeks before the Las Vegas conference.



WTW Threat Level