The Apple update, available through Apple's iTunes media management software, comes less than 24 hours after security researchers demonstrated an iPhone hack by exploiting an SMS, or Short Messaging Service, vulnerability during a presentation at the BlackHat 2009 conference Thursday in Las Vegas.
"We appreciate the information provided to us about SMS vulnerabilities that affect several mobile phone platforms. This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone," Apple said in a statement.
Charlie Miller, senior analyst at Independent Security Evaluators, said during a BlackHat presentation that the SMS flaw allows a hacker to jailbreak into an iPhone -- a technique that removes Apple's barriers to installing third-party applications.
Both Miller and Collin Mulliner, a Ph.D student at the University of Berlin, demonstrated to hundreds of BlackHat IT professionals and amateur hackers the ease with which a malicious hacker could exploit the SMS vulnerability to infiltrate an iPhone and launch denial of service or man in the middle attacks without any user intervention.
"I can keep you off of the network for as long as I want," Miller said during his presentation. "The attack is silent. The user does not see it or hear it."
Specifically, the vulnerability occurs in the way the iPhone receives and sends text messages via SMS, a protocol that enables users to send text messages. Attackers could take advantage of weaknesses in the binary code sent by SMS to an iPhone, the researchers said.
Once exploited, the SMS flaw could be used by hackers to track a victim's location via GPS, execute malicious code to launch a denial of service attack, or listen in on conversations.
Miller and Mulliner demonstrated a denial of service attack on the iPhone by flooding it with hundreds of malformed text messages.
"You take malformed text, you add errors to it, you send it, then you send more. Very simple, anyone can do it," Miller said during his presentation.
Miller, an authority on the Mac OS X, first discovered the iPhone flaw in May, presenting it for at the SyScan conference in Singapore and then later at the BlackHat 2009 conference on Thursday.
During BlackHat, Miller and Mulliner demonstrated that same SMS vulnerability can be exploited to launch a DOS Google Android and on Windows Mobile platforms.
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center