Thursday, November 20, 2008, 03:20 pm PT (06:20 pm ET)
iPhone security posting suggests 2.2 firmware tomorrowGermans documenting an exploit that forces an iPhone to dial an unwanted number have also potentially tipped users off to the imminent release of Apple's widely anticipated 2.2 firmware upgrade.
The Fraunhofer Institute for Secure Information's official release describes an attack which, after fooling users into visiting a maliciously crafted website, automatically kicks the phone into its dialer and composes a number without a chance to interrupt.
The trick theoretically allows the site owner to set up a 900 number or other calling destination that costs money or otherwise causes a problem.
Fraunhofer's Collin Mulliner notes that the exploit only requires three lines of code and is simple enough that anyone with "basic HTML knowledge" could add the formatting to a page and trigger the compromise.
While dangerous, the exploit was demonstrated to Apple a month ago with an understanding that it would be fixed soon.
The security experts, however, have also revealed that the necessary patch will surface in upcoming firmware from Apple — code which Fraunhofer claims is due on November 21st.
Although the chance exists that the update in question is a minor maintenance update, the announcement comes just as Apple is generally believed to be wrapping up development of its major iPhone 2.2 upgrade, prompting speculation that the security fix is being rolled into the larger revision and is on the verge of being released.
After converting version 2.1 into a primarily bug-focused update, the electronics giant is known to be using 2.2 as a vehicle for several important feature requests. Among these will be a complete Google Maps refresh with Street View and non-driving directions, the ability to download podcasts over the air, an altered Safari and App Store client, and emoji icons for Japanese cellphone owners that often depend on them for text messaging.
On Topic: iPhone
- Report: iPhone 5s to soon account for 1 in 5 iPhones, 5c growth stagnant
- Russia's Megafon deal with Apple, Inc. guarantees sales of 750k iPhones over 3 years
- Pebble adds eBay, Evernote & Time Warner as latest smart watch app partners
- Apple continues to add share in U.S. smartphone market, now holds 42%
- iPhones much more likely to be stolen, less likely to be broken or need replacement