iPhone OS 3.0.1 Is Out to Patch SMS Flaw, Dev Team Says it Can be Jailbroken
This Friday we reported that security experts Charlie Miller and Collin Mulliner presented an SMS injection technique at the Black Hat 2009 conference in Las Vegas. The SMS injection technique applies to the iPhone, Android and Windows Mobile-powered smartphones as well and represents a critical security problem. That’s because a person with malicious intent that successfully exploits this vulnerability could take complete control of the targeted device.
At the time it was believed that Apple, who knew about the problem for a month, would release an fix during the weekend. But it seems the Cupertino-based software developer put a rush on things and released a fix earlier: the iPhone OS 3.0.1 was released on Friday, July 31st. You can download the iPhone OS 3.0.1 update via iTunes. Just plug in your iPhone and hit “Check for Update”. Please note that the iPhone OS 3.0.1 update can be downloaded only via iTunes; it does not show up on the Apple Downloads site and it does not show up in the Software Update application.
“A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue,” said Apple in the official description of the iPhone OS 3.0.1 update.
It should be mentioned that no active exploits of this SMS vulnerability have been detected in the wild. Still, this is an issue that you should take very seriously. You are very well advised to update your iPhone’s operating system and stay safe.
iPhone owners that have a jailbroken iPhone should not avoid this update either. According to the iPhone Dev Team, you can use redsn0w 0.8 to jailbreak your iPhone after performing the update. “Just let iTunes update or restore you to official 3.0.1 then run redsn0w. The only “trick” is that when redsn0w asks you to identify the IPSW used, point it at the 3.0 IPSW instead of the 3.0.1 one. After the jailbreak, reinstall ultrasn0w 0.9 if you need the unlock,” explained the Dev Team.
Keeping with the jailbreak theme we have here, we all know that Apple would much rather you did not jailbreak the iPhone. As a matter of fact the company in a recent review of the U.S. Digital Millennium Copyright Act (DMCA) went as far as to say that jailbreaking is desirable to drug dealers and that jailbroken phones could be used to crash transmission towers. The company has now posted an article on its Support Site presenting all the possible side effects of jailbreaking an iPhone. You know, things like unreliable voice and data, service disruption, short battery life, app instability, and the inability to apply future software updates. And the fact that should you require service for your device, Apple will turn you down because jailbreaking is a violation of the EULA (end-user license agreement).
Tags: Apple, iPhone OS 3.0.1, SMS, Charlie Miller, Dev Team, Jailbreak
At the time it was believed that Apple, who knew about the problem for a month, would release an fix during the weekend. But it seems the Cupertino-based software developer put a rush on things and released a fix earlier: the iPhone OS 3.0.1 was released on Friday, July 31st. You can download the iPhone OS 3.0.1 update via iTunes. Just plug in your iPhone and hit “Check for Update”. Please note that the iPhone OS 3.0.1 update can be downloaded only via iTunes; it does not show up on the Apple Downloads site and it does not show up in the Software Update application.
Advertising
“A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue,” said Apple in the official description of the iPhone OS 3.0.1 update.
It should be mentioned that no active exploits of this SMS vulnerability have been detected in the wild. Still, this is an issue that you should take very seriously. You are very well advised to update your iPhone’s operating system and stay safe.
iPhone owners that have a jailbroken iPhone should not avoid this update either. According to the iPhone Dev Team, you can use redsn0w 0.8 to jailbreak your iPhone after performing the update. “Just let iTunes update or restore you to official 3.0.1 then run redsn0w. The only “trick” is that when redsn0w asks you to identify the IPSW used, point it at the 3.0 IPSW instead of the 3.0.1 one. After the jailbreak, reinstall ultrasn0w 0.9 if you need the unlock,” explained the Dev Team.
Keeping with the jailbreak theme we have here, we all know that Apple would much rather you did not jailbreak the iPhone. As a matter of fact the company in a recent review of the U.S. Digital Millennium Copyright Act (DMCA) went as far as to say that jailbreaking is desirable to drug dealers and that jailbroken phones could be used to crash transmission towers. The company has now posted an article on its Support Site presenting all the possible side effects of jailbreaking an iPhone. You know, things like unreliable voice and data, service disruption, short battery life, app instability, and the inability to apply future software updates. And the fact that should you require service for your device, Apple will turn you down because jailbreaking is a violation of the EULA (end-user license agreement).
Tags: Apple, iPhone OS 3.0.1, SMS, Charlie Miller, Dev Team, Jailbreak
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 09 Sep 2011
Former COO (Chief Operations Officer) and current CEO (Chief Executive Officer) of Apple Tim Cook showed his philanthropic side in an email sent out to all Apple employees. The letter announces the introduction of a
By George Norman on 06 Jan 2012
For the very low price of 99 cents you could get two apps developed by the team behind the computational knowledge engine Wolfra Alpha, apps that will help you explore the cosmos
By George Norman on 13 Dec 2011
Just like Google, Apple is celebrating the fact that people are downloading apps from its app stores. The Cupertino-based software developer announced that more than 100 million downloads have been served via its Mac App Store
By George Norman on 24 Jan 2012
Apple fanboys, and not only them, are very familiar with Steve Jobs’ quote “Stay hungry, stay foolish.” What they may not be familiar with is the fact that airline company Virgin America has an Airbus A320Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
iPhone OS 3.0.1 Is Out to Patch SMS Flaw, Dev Team Says it Can be Jailbroken
HTML Linking Code
HTML Linking Code