Monday, July 23, 2007, 03:30 pm PT (06:30 pm ET)
Briefly: iPhone web exploit, German iPhone retailer; moreA new web exploit could force the iPhone to divulge private info to hackers. Also, Apple has redesigned its professional notebook power adapter, one German store claims it will carry the iPhone, and Duke no longer blames the Apple cellphone for network woes.
iPhone Safari exploit revealed
Consultants at Independent Security Evaluators warned iPhone users on Monday that critical holes in the mobile version of Safari would let a malicious web page feed code to the device that forced it to do "anything that the iPhone can do," including its phone services.
In a proof of concept demo given to the public by the security team, users tricked into visiting one of the sites through a link or a poisoned Wi-Fi point could have their call lists, contacts, past SMS texts, and voicemail relayed to an intruder. But this example is just a portion of what could be done, the security firm said: the worst cases could send encrypted passwords, text messages that subscribe to expensive services, and capture phone calls.
Apple has already been made aware of the exploit, which will be more fully explained by ISE when it presents at the BlackHat expo on August 2nd. In the interim, however, the company says that iPhone owners should be just as skeptical of spam links and unknown wireless hotspots as they would with an ordinary computer, as the iPhone shares many of the same features.
"The iPhone is an internet connected device running a relatively full featured software suite: this research shows that it is vulnerable just like many other similarly capable devices, both PCs and embedded systems," the consultants said.
German store claims iPhone sales rights
Despite no announcements from Apple, the German national retail chain Karstadt has directly claimed that it will sell the iPhone in time for the holidays, according to an impending article in the weekly paper WirtschaftsWoche.
"We will offer the iPhone," a Karstadt spokeswoman said in the report while estimating a release before Christmas. European Apple representatives chose not to comment on the claim.
Third-party Apple reseller Gravis has also said it was virtually certain to stock iPhones in the absence of any official stores.
Duke backtracks on iPhone network troubles
Closer looks at Duke University's wireless network have shown that the network structure, and not the iPhone itself, were to blame for the widespread outages in wireless LAN access on campus last week, the school's chief information officer Tracy Futhey said in an online statement.
Claims that the iPhone flooded the network with requests that knocked service offline were "inaccurate," Futhey wrote. Instead, the drops were said to be the result of an unusual mix of standards on the large, campus-wide network. Consulting Apple and network experts at Cisco is said to have solved the problem entirely.
"Cisco has provided a fix that has been applied to Dukes network and there have been no recurrences of the problem since," the Duke officer said. An explanation of what had triggered the glitch was reportedly coming soon as of press time.
MacBook Pro adapter shrinks
Careful observers of Apple's online store noticed on Friday that the MacBook Pro's power adapter has quietly been reduced in size.
New MacBook Pro adapter on right.
Where the old adapter (MA357LL) was one of the Mac maker's largest portable adapters yet upon its release in early 2006, the new 85-watt model — MA938LL/A — is no bigger than the 65W unit that charges the smaller 13.3-inch system. New shipping MacBook Pros also include the revamped AC adapter.
The new power brick lists for $79 and will ship in the next three to four weeks.
On Topic: General
- Rumor: Google pressured Asus to cancel Android/Windows dual-boot devices
- Apple's Tim Cook meets Israeli Prime Minister Netanyahu at Apple HQ
- Apple gobbling up retail market share as Radio Shack, Best Buy shrink
- Construction of Apple's new San Francisco flagship store gets final go ahead
- Apple exploring device pairing with Touch ID, camera privacy using diffusers