Apple reportedly fixes SMS spoofing flaw with iOS 6
AppleInsider StaffLess than one month after a hacker discovered an SMS spoofing flaw within iOS, Apple has apparently patched the vulnerability in its newly-released iOS 6 mobile operating system.
According to website iJailbreak, the flaw uncovered in August by "pod2g" has been fixed.
The bug was related to how previous iterations of iOS handled incoming SMS messages, with the system supporting certain optional features in the SMS specification's User Data Header, including a "reply to" address. A malicious user was able to send spoofed SMS messages to an iPhone owner using any chosen reply number. Because not all phones support the advanced feature, most carriers neglect to check that part of the message, meaning the the vulnerability was seemingly limited to iPhone users.
With iOS 6, Apple has reportedly patched the flaw, no longer allowing SMS spoofing to trick iPhone users into thinking they are receiving a message from a known party.
Mike Wuerthele
Malcolm Owen
Chip Loder
William Gallagher
Christine McKee
Michael Stroup
William Gallagher and Mike Wuerthele
