New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple to Release Fix for iPhone SMS Vulnerability on Saturday?

Friday July 31, 2009 7:00 am PDT by Eric Slivka
According to BBC News, an O2 spokesperson has revealed that Apple will be delivering an update on Saturday to address an iPhone SMS security vulnerability disclosed yesterday at the Black Hat cybersecurity conference in Las Vegas.

An O2 spokesperson said the patch would be available Saturday through iTunes.

"We will be communicating to customers both through the website and proactively," the spokesperson added.

"We always recommend our customers update their iPhone with the latest software and this is no different."

The flaw reportedly affects not only the iPhone but also other phones running Windows Mobile and Google's Android operating system, although the iPhone has gained the most significant publicity regarding the issue due to its high-profile status.

As disclosed by Charlie Miller and Collin Mulliner, the vulnerability lies in the modification of data that accompanies text messages and is not seen by the user. Because most operating systems use similar mechanisms to handle SMS data, the vulnerability affects a range of operating systems and devices.

The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.

The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code.

Google has reportedly already taken steps to address the issue, but there is no word on whether Microsoft or wireless carriers are also working to prevent the vulnerability from compromising their systems.

[ 111 comments ]