“Apple is set to release a software patch to address a recently described security flaw in the iPhone, the UK network operator 02 has said,” BBC News reports.
“Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network or hijacked altogether,” The Beeb reports. “Phones incorporating the Windows Mobile and Google Android operating systems are also vulnerable, they said.”
The Beeb reports, “An O2 spokesperson said the patch would be available Saturday through iTunes. ‘We will be communicating to customers both through the website and proactively,’ the spokesperson added. ‘We always recommend our customers update their iPhone with the latest software and this is no different.'”
Full article here.
Nice to see Apple moving on this.
“We will be communicating to customers both through the website and proactively,”
…would that proactive communication involve sending text messages to their phones?
Gabriel
No, that would involve sending a SMS message.
And that update will also disable your tethering. No thanks.
So, where’s all the anti-iPhone/Apple contumely that’s usually posted here?
Oh, I see: WinMob and Android are ALSO vulnerable to this kind of attack. Aha.
So, when do THEY fix the problem? Huh? When? Seems like Apple won this one.
Now that Apple’s taking care of it’s customers, does that mean that all the other cell phones, which according to the reports are all at risk of this security flaw, are the only ones vulnerable ?
Conversely, it actually means that the iPhone is currently the only smart phone that is NOT at risk to this security flaw.
Where are the sensational headlines now that read:
iPhone alone immune from catastrophic security flaw affecting all other SMS capable phones.
Personally I consider proactive to be nothing less than coming around to my house to let me know personally.
Also included in the 3.0 update will be a small change in the programming to help iTunes determine what is an Apple product, and what is not and Apple product. Hold onto your pants Pre owners…
Symbian based cell phones are not affected.
At&t;can now send SMSs to iPhone to reset settings in case user has a problem (my friend hosed his visual VM and few other things when trying to install tethering, at&t;restored his iP by sending SMS.)
I think this is a “feature” that can be exploited.
I’ve been searching all morning for a report from someone who was there (the Black Hat conf.) and witnessed the exploit actually being used to extract someone’s personal info and/or to cause the iPhone to send a text msg to another iPhone to propagate the exploit. I’ve found nothing except one reporter who says her iPhone was crashed by them sending an SMS to her, as a demo.
All I’ve seen about the serious exploit is that “Miller claims….”.
Where’s the nitty-gritty? Post a link please.
Hey, what O2 should do is use this exploit to send an SMS that actually contains the update.
If they can.
Will this udate disable tethering?
Here we go.
The jailbraking crowd will refuse to do the update. Thereby endangering every other iPhone user.
Do we think, JUST MAYBE, that the timing of Apple’s info about jailbreaking undermining cell towers and the networks, might have something to do with this? That they knew this was coming out, and knew that the JB’ers would be refusing to engage in safe smartphone practices? If baddies start using the attack vector, it won’t take many morons with unprotected phones to create DOS attacks that affect EVERYONE.
Yes, it will disable tethering, Palm Pre, and anything else they can think of that compromises their baseline.
Grow up, little boys. Actions, or inactions, have consequences.
“Will this update disable tethering?”
DUDES.
YOUR PHONES WONT. WORK.
without the update, if this exploit goes live.
Get your heads out of your butts.
@Breeze
Where are the sensational headlines now that read:
iPhone alone immune from catastrophic security flaw affecting all other SMS capable phones.
Look for it on MDN by tomorrow evening.
Oh, please!
An SMS exploit that can affect three DIFFERENT platforms??? Better dust off the Mac anti-virus s/w software ’cause those PC exploits are a comin’!
The update is already up in iTunes. Update 3.0.1
@G3n0
What are you talking about? The iTunes updater states version 3.0 is the current version.
@Exhibit A, the hacker has to have your phone number to send you the text message. Are any on your friends hackers? Are any of your hacker friends going to attack you? If so you might be at risk. But as far as me a my friends go I am safe. And I am tethering. And I know a kid that is teething.