Advanced

By George Norman - Software News Editor

Added on 03 Aug 2009(1036 Views)

This Friday we reported that security experts Charlie Miller and Collin Mulliner presented an SMS injection technique at the Black Hat 2009 conference in Las Vegas. The SMS injection technique applies to the iPhone, Android and Windows Mobile-powered smartphones as well and represents a critical security problem. That’s because a person with malicious intent that successfully exploits this vulnerability could take complete control of the targeted device.

At the time it was believed that Apple, who knew about the problem for a month, would release an fix during the weekend. But it seems the Cupertino-based software developer put a rush on things and released a fix earlier: the iPhone OS 3.0.1 was released on Friday, July 31st. You can download the iPhone OS 3.0.1 update via iTunes. Just plug in your iPhone and hit “Check for Update”. Please note that the iPhone OS 3.0.1 update can be downloaded only via iTunes; it does not show up on the Apple Downloads site and it does not show up in the Software Update application.


“A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue,” said Apple in the official description of the iPhone OS 3.0.1 update.

It should be mentioned that no active exploits of this SMS vulnerability have been detected in the wild. Still, this is an issue that you should take very seriously. You are very well advised to update your iPhone’s operating system and stay safe.

iPhone owners that have a jailbroken iPhone should not avoid this update either. According to the iPhone Dev Team, you can use redsn0w 0.8 to jailbreak your iPhone after performing the update. “Just let iTunes update or restore you to official 3.0.1 then run redsn0w. The only “trick” is that when redsn0w asks you to identify the IPSW used, point it at the 3.0 IPSW instead of the 3.0.1 one. After the jailbreak, reinstall ultrasn0w 0.9 if you need the unlock,” explained the Dev Team.

Keeping with the jailbreak theme we have here, we all know that Apple would much rather you did not jailbreak the iPhone. As a matter of fact the company in a recent review of the U.S. Digital Millennium Copyright Act (DMCA) went as far as to say that jailbreaking is desirable to drug dealers and that jailbroken phones could be used to crash transmission towers. The company has now posted an article on its Support Site presenting all the possible side effects of jailbreaking an iPhone. You know, things like unreliable voice and data, service disruption, short battery life, app instability, and the inability to apply future software updates. And the fact that should you require service for your device, Apple will turn you down because jailbreaking is a violation of the EULA (end-user license agreement).





Don't forget to:

RSS


Tags: Apple, iPhone OS 3.0.1, SMS, Charlie Miller, Dev Team, Jailbreak

Link to this article:

Add comment:

Top Downloads

Copyright © FindMySoft.com 2006-2008
0.045 s