“Apple patching critical SMS vulnerability in iPhone OS”
Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone’s SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. […]
The iPhone can be instructed to execute SMS data as code instead of text, and when it executes the code it does so with root privileges and without any interaction from the user.
Wow. That’s completely unacceptable — unlike a browser vulnerability (where you can switch browsers or at least avoid shady websites), or even a port that’s open to probing on Windows (where you can hide behind a router), there is absolutely no workaround for that kind of thing, short of removing the SIM card and turning your iPhone into an iPod touch. How in hell does an iPhone end up running SMS data as root-level code?
(I’d rather the article had an official Apple quote, but I’ll assume a security researcher wouldn’t burn themselves by bragging about such a thing without grounds.)
Vous voulez savoir quand je poste du contenu sur mon blog ? Il suffit de vous inscrire gratuitement à un agrégateur RSS (Feedly, NewsBlur, Inoreader, …) et d'ajouter www.ff00aa.com à vos flux (ou www.garoo.net pour vous abonner à tous les sujets). On n'a pas besoin de newsletters, pas besoin de Twitter, le RSS existe toujours.
Mentions légales : ce blog est hébergé par OVH, 2 rue Kellermann, 59100 Roubaix, France, www.ovhcloud.com.
Les données des visiteurs de ce blog ne sont pas utilisées ni transmises à des tiers. Les posteurs de commentaires peuvent demander leur suppression par e-mail.
Tous contenus © de l'auteur ou couverts par le droit de citation.
