
#FF00AA


3 jul. 2009

“Apple patching critical SMS vulnerability in iPhone OS”

Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone’s SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. […]

The iPhone can be instructed to execute SMS data as code instead of text, and when it executes the code it does so with root privileges and without any interaction from the user.

Wow. That’s completely unacceptable — unlike a browser vulnerability (where you can switch browsers or at least avoid shady websites), or even a port that’s open to probing on Windows (where you can hide behind a router), there is absolutely no workaround for that kind of thing, short of removing the SIM card and turning your iPhone into an iPod touch. How in hell does an iPhone end up running SMS data as root-level code?

(I’d rather the article had an official Apple quote, but I’ll assume a security researcher wouldn’t burn themselves by bragging about such a thing without grounds.)
