Apple expects to have a fix later this month for a vulnerability in the iPhone that could allow an attacker to gain control of the device remotely via SMS, a security researcher said on Thursday. Miller said that under an agreement with Apple, he was barred from providing too much detail on the vulnerability. He plans to give a more detailed presentation on the hole at the Black Hat conference in Las Vegas at the end of the month.
An attacker could exploit a weakness in the way iPhones handle SMS (short message service) messages to do things like use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet, Charlie Miller, co-author of The Mac Hacker's Handbook and principal security analyst at Independent Security Evaluators, said in a presentation at the SyScan conference in Singapore. The presentation was covered by IDG News Service.
Despite the SMS hole, which "could be a critical vulnerability," the iPhone is more secure than OS X on computers, Miller said. That is because the iPhone doesn't support Adobe Flash and Java, only runs software digitally signed by Apple, includes hardware protection for data stored in memory, and runs applications in a sandbox, he said.
No comments:
Post a Comment