Sign up for the Security newsletter

Apple plugs iPhone SMS flaw

Memory corruption left iPhone open to attack

By Larry Dignan on 3 August 2009 14:31

NEWS

Apple has plugged an SMS flaw that could enable an attacker to take complete control over an iPhone.

Researchers Charlie Miller and Collin Mulliner said at the Black Hat security conference that an attacker could use the SMS exploit to make calls, swipe data and send text messages. The attack was enabled by a memory corruption bug in all iPhone operating systems.

Apple was notified of the problem six weeks ago but did not deliver a patch. That changed on Friday when Apple patched CVE-2009-2204.

Apple said: "A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling."

Original article from ZDNet.com: Apple plugs iPhone SMS hole

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters