Researchers warn of critical iPhone vulnerability

 

Could allow hackers to remotely execute code.

Security experts are warning of a serious vulnerability in the iPhone that could allow hackers to remotely execute code on the device.

Security researcher Charlie Miller announced the findings at the SyScan conference in Singapore yesterday. He is now reportedly working with Apple to get the problem fixed as soon as possible.

Patrick Runald, chief security advisor at Finnish web security firm F-Secure, argued on the firm's blog that the vulnerability, which exploits a weakness in the way the device deals with text messages, is "as bad as it gets".

"The vulnerability seems to allow unsigned code to run, which circumvents a core part of iPhone's security model," he wrote. "It's usually only able to run signed code, i.e. apps that have been approved by Apple. No user interaction is required, which is unlike current mobile malware."

The vulnerability could enable hackers to remotely turn on the GPS function to monitor the handset's location, or turn the microphone on to listen in on conversations, Miller is reported as saying.

Apple will be hoping it finds a fix for the vulnerability before Miller discusses the flaw in greater detail at a planned Black Hat presentation.

It has been a bad week for the iPhone. Supplies have been running out in parts of the US, and the blogosphere has been awash with claims that the new 3GS model is prone to overheating.

Copyright ©v3.co.uk

