Researchers warn of critical iPhone vulnerability

By

Could allow hackers to remotely execute code.

Security experts are warning of a serious vulnerability in the iPhone that could allow hackers to remotely execute code on the device.

Security researcher Charlie Miller announced the findings at the SyScan conference in Singapore yesterday. He is now reportedly working with Apple to get the problem fixed as soon as possible.

Patrick Runald, chief security advisor at Finnish web security firm F-Secure, argued on the firm's blog that the vulnerability, which exploits a weakness in the way the device deals with text messages, is "as bad as it gets".

"The vulnerability seems to allow unsigned code to run, which circumvents a core part of iPhone's security model," he wrote. "It's usually only able to run signed code, i.e. apps that have been approved by Apple. No user interaction is required, which is unlike current mobile malware."

The vulnerability could enable hackers to remotely turn on the GPS function to monitor the handset's location, or turn the microphone on to listen in on conversations, Miller is reported as saying.

Apple will be hoping it finds a fix for the vulnerability before Miller discusses the flaw in greater detail at a planned Black Hat presentation.

It has been a bad week for the iPhone. Supplies have been running out in parts of the US, and the blogosphere has been awash with claims that the new 3GS model is prone to overheating.

Researchers warn of critical iPhone vulnerability
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
allowcodehackershardwareiphonesecurityvulnerability

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

Porn industry standardises on HD-DVD

Porn industry standardises on HD-DVD
La Trobe ACAMI supercomputer comes online

La Trobe ACAMI supercomputer comes online
TfNSW extends deal for mobile phone detection cameras

TfNSW extends deal for mobile phone detection cameras
Australian teen leaks pictures of new iPhone parts

Australian teen leaks pictures of new iPhone parts
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?