Specifically, the vulnerability occurs in the way the iPhone receives and sends text messages via its Short Messaging Service, or SMS. Attackers could take advantage of weaknesses in the binary code sent by the SMS to an iPhone.
If exploited, the SMS flaw could be used by hackers for malicious purposes that include tracking a victim's location via GPS, executing malicious code that launches a denial of service attack or botnet, or listening in on conversations. Users could become infected by visiting a malicious Web site or clicking on a malicious link, typically through a social engineering ploy.
The iPhone flaw was first detected by hacker Charlie Miller, who presented the SMS flaw at the SyScan conference in Singapore on Thursday. He has plans to further discuss the bug at the upcoming Black Hat USA 2009 hacker conference, according to an Intego security blog.
Meanwhile, Apple is working on a security patch and hopes to have one in place before Miller's presentation at the end of July.
Miller, an authority on Mac OS X, is the author of "The Mac Hacker's handbook. He recently achieved a successful hack into the Mac OS X during the PWN to Own contest held at the CanSecWest security conference in Vancouver, B.C.
During his SyScan presentation, Miller said that the flaw allows the hacker to "jailbreak" into the phone, which occurs when a user removes Apple's barriers to installing third-party applications, such as cracked applications and software not distributed by Apple or the iTunes Store, according to the Intego blog post.
Users who "jailbreak" an iPhone can also use the device on a carrier other than AT&T, Apple's exclusive carrier. And vulnerabilities in the iPhone's SMS function can give the attacker access to the handset.
However, despite the SMS flaw, Miller said that the stripped down version of the MacOS X in the iPhone was more secure than the full version of the Mac OS X operating system due to the fact that it doesn't support Adobe Flash and Java apps, which often leave a device vulnerable to attack. In addition, the iPhone baked in security hardware that protects its stored data, and is designed to only run code created by Apple.
While Apple doesn't have a system to rank its security flaws, the iPhone SMS vulnerability would be deemed "critical" due to the fact it can be exploited remotely.
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center