Friday, July 31, 2009, 11:30 am PT (02:30 pm ET)
Apple releases iPhone 3.0.1 software to fix SMS exploitResponding to a dangerous security exploit unveiled this week, Apple released an update to its iPhone operating system Friday to patch the security hole.
Firmware 3.0.1 is now available for the iPhone, iPhone 3G and iPhone 3GS through iTunes. The update is around 300MB. There is no indication that there are any new features or fixes other than the text message exploit patch.
Earlier Friday, it was reported that Apple would release a fix for the exploit Saturday, but the iPhone maker beat that deadline Friday afternoon.
Security researcher Charlie Miller, co-author of The Mac Hackers Handbook, demonstrated the hack Thursday at the Black Hat 2009 conference in Las Vegas. The attack takes advantage of a vulnerability in the phones short messaging service, or SMS, feature, allowing an outside party into the phones root access without the owners knowledge.
The exploit takes advantage of the fact that SMS can send binary code to a phone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone. The exploit supposedly exposes the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running.
The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack. Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk — a real problem as the trick could also be used to make an iPhone send more messages of its own.
On Topic: General
- Future Apple devices may boast environmental sensor suite with built-in thermometer
- Apple's display tech lets users interact with 3D objects in mid-air
- Judge denies Apple motion to stay upcoming e-books damages trial
- Apple 'on the prowl' with 24 acquisitions in last year and a half
- Google agreed to pick up tab for some Samsung legal fees, take on liability in case of loss