John
08-01-2009, 08:29 AM
The company on Friday issued the iPhone 3.0.1 software update to address the vulnerability within the iPhone's SMS software.
The flaw potentially allows an attacker to take control of a targeted phone by way of a specially-crafted SMS message. Once the flaw has been exploited, an attacker can install malware on the device or use it to perform spam runs and further attacks.
Discovery of the flaw was credited to security researchers Charlie Miller and Collin Mulliner. The two researchers formally announced and detailed the flaw earlier this week at the Blackhat security conference.
The researchers noted that similar flaws exist in the SMS components for the Google and Android and Windows Mobile platforms.
As with all other iPhone software updates, users can download and install the update through iTunes. The update is then installed when they user plugs the handset into an authorized Mac or PC system.
Discovery of the vulnerability comes as both experts and cybercriminals have been giving increased attention to mobile phones, both in terms of securing flaws and realizing potential avenues of attacks and uses for compromised devices.
The flaw potentially allows an attacker to take control of a targeted phone by way of a specially-crafted SMS message. Once the flaw has been exploited, an attacker can install malware on the device or use it to perform spam runs and further attacks.
Discovery of the flaw was credited to security researchers Charlie Miller and Collin Mulliner. The two researchers formally announced and detailed the flaw earlier this week at the Blackhat security conference.
The researchers noted that similar flaws exist in the SMS components for the Google and Android and Windows Mobile platforms.
As with all other iPhone software updates, users can download and install the update through iTunes. The update is then installed when they user plugs the handset into an authorized Mac or PC system.
Discovery of the vulnerability comes as both experts and cybercriminals have been giving increased attention to mobile phones, both in terms of securing flaws and realizing potential avenues of attacks and uses for compromised devices.