Apple releases iPhone firmware 3.0.1, fixes SMS flaw

Apple has responded to the security alert reported yesterday about the iPhone being vulnerable via SMS, where an attacker could lock up your iPhone, rendering it useless, or even take control of it remotely.

Apple has released a patch for the SMS vulnerability, available immediately through iTunes. The firmware update, labeled 3.0.1, contains only the fix for the SMS attack. Apple's description of the update on Apple.com reads:

A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.

The update is available for all iPhone users, including first generation, iPhone 3G and iPhone 3GS.


bbfc_uk said,
Bonus! :)

Maybe it was a botched firmware install when you updated to 3.0, and this one went better.


It would be ridiculously rare for it to be botched in this particular way. Not only are the images signed, but for that to be the only problem, wow, it would be a huge improbability.

So yesterday Apple sucked because they hadn't addressed this shocking flaw and today Apple sucks because the download is large? Just checking.

It is a small flaw in Apple's software. It is unpatchable and needs a full download of the firmware to update something as small as this. Reminds me of when they released 2.2.1, all it did was fix "stability" issues with Safari, but mostly blocked the dev team.

Maybe 4.0 will be different, allowing smaller patches to be available, but with that come numerous vulnerability holes in the software...

It's not just an iPhone firmware thing, though. QuickTime, iTunes etc. all require substantial downloads for fixes. I don't think it's unrealistic for users to expect a company as large as theirs to be able to implement patching, especially if they are going to install tools that check for updates and the like on the system.

I don't think people are complaining that the fix is out (although it perhaps could have arrived sooner ideally).

I guess you're SOL until the next beta (or RC or RTW) release of 3.1. Unless of course Beta 3 includes this fix and they just haven't told anybody.

No, this update ONLY patches the SMS flaw and nothing else. You can still jailbreak this version by pointing at the 3.0 firmware. No baseband or any other changes were implemented.
Your tethering loophole will be fixed in 3.1

Andrew Lyle said,
No, this update ONLY patches the SMS flaw and nothing else. You can still jailbreak this version by pointing at the 3.0 firmware. No baseband or any other changes were implemented.
Your tethering loophole will be fixed in 3.1

I'm running 3.1 beta 3 and the tethering hack still works fine.

And what about iPod Touch users like myself who downloaded the update, which to be honest was not worth it because ever since I updated, it crashes all the time. I used to get emails with pictures; for example, Ebuyer sends me an email with current offers, same with Scan, and now I don't see anything. The browser is rubbish, applications run slow, and when you are typing as I am now, there is a delay and it comes up a few seconds later. Another annoying... bl**dy irritating thing: when you are typing it jumps up the page to the top or to the bottom depending on what website you are on. Fix the darn issues with the iPod Touch as well because it's driving me crazy. I used to like my iPod Touch; now I hate the darn thing because the update has made it worse. I thought I was the only one with these problems, until I searched through the Internet and found other people with the same issues as me. I have contacted Apple in the US and they said we have not received any information about people complaining about the software update.

Just look at your forum and around the Internet. Are you blind or just ignoring the fact that the software update may have been a success with the iPhone, but it sure is not the case with the iPod Touch?

With 3.0.1 I type faster (running the SMS app seems slower) than on 3.0, but this time I did not back up my iPhone, just synced it. I lost my SMS and all call reports, but it's better this way.

Cya

Why would you put this on your touch? The update is for the iPhone only, only difference is the SMS flaw fix... You did not have to update at all

Yea, something is not right. This update will not show up for iPod Touches. As for your other problems, maybe you should try a restore? I had the old 2G iPhone and now the 3GS, and I didn't see any problems with them on 3.0 (or 3.0.1, for that matter). Could be an iPod specific issue, though.

Wow, and I just finished customising my iPhone the way I like it. Damn Apple and their firmware updates; every time I have to jailbreak, then download and customise!! Ahh, so annoying.

My update to 3.0.1 failed and was stuck in recovery mode... Had to restore from the backup I did just prior to doing the update. Lost all kinds of app settings after the restore and sync. Why can't they restore app settings??? At least all my apps/music/movies/photos were restored okay. My wife's phone of course updated fine.

Apple has publicly acknowledged the two people who found this issue. That does not happen very often (you don't see those in Microsoft Update, do you?). That's recognition enough, don't you think?

jafoman said,
My update to 3.0.1 failed and was stuck in recovery mode... Had to restore from the backup I did just prior to doing the update. Lost all kinds of app settings after the restore and sync. Why can't they restore app settings??? At least all my apps/music/movies/photos were restored okay. My wife's phone of course updated fine.

Apple has publicly acknowledged the two people who found this issue. That does not happen very often (you don't see those in Microsoft Update, do you?). That's recognition enough, don't you think?

No, they don't credit people on WU/MU, but they have issued props to the discovering parties quite a few times in the past.

1. How the hell can such a vulnerability be in the SMS app? How can anything in the messaging app be related to controlling the iPhone remotely? :/
Apple really programs in weird ways. Did anyone know that Safari on the iPhone/iPod uses the Mail app to create bookmarks? Noticed this due to the fact that 3.0 has problems with hidden apps :/

2. Seriously, there should have been an update out much earlier addressing some other errors out there, like the random wifi/internet problems... Me and a friend both have 16GB iPod Touches; his can't use the internet with 3.0, or barely with some luck. I just noticed the iPod Touch can do over 1Mbit/s download over wifi :P

Apparently it was exploiting the way SMS messages are encoded. The maximum message length varies depending on the character set used, so if there's a flaw in gauging and trimming the received message it could theoretically result in this by creating a buffer overrun.

http://en.wikipedia.org/wiki/Short_message_service

Transmission of short messages between the SMSC and the handset is done using the Mobile Application Part (MAP) of the SS7 protocol. Messages are sent with the MAP mo- and mt-ForwardSM operations, whose payload length is limited by the constraints of the signaling protocol to precisely 140 octets (140 octets = 140 * 8 bits = 1120 bits). Short messages can be encoded using a variety of alphabets: the default GSM 7-bit alphabet (see GSM 03.38 for details), the 8-bit data alphabet, and the 16-bit UTF-16 alphabet.[26] Depending on which alphabet the subscriber has configured in the handset, this leads to the maximum individual Short Message sizes of 160 7-bit characters, 140 8-bit characters, or 70 16-bit characters (including spaces). Support of the GSM 7-bit alphabet is mandatory for GSM handsets and network elements,[26] but characters in languages such as Arabic, Chinese, Korean, Japanese or Cyrillic alphabet languages (e.g. Russian) must be encoded using the 16-bit UTF-16 character encoding (see Unicode). Routing data and other metadata is additional to the payload size.

Larger content (Concatenated SMS, multipart or segmented SMS or "long sms") can be sent using multiple messages, in which case each message will start with a user data header (UDH) containing segmentation information. Since UDH is inside the payload, the number of characters per segment is lower: 153 for 7-bit encoding, 134 for 8-bit encoding and 67 for 16-bit encoding. The receiving handset is then responsible for reassembling the message and presenting it to the user as one long message. While the standard theoretically permits up to 255 segments,[27] 6 to 8 segment messages are the practical maximum, and long messages are often billed as equivalent to multiple SMS messages. See Concatenated SMS for more information. Some providers have offered length-oriented pricing schemes for SMSs, however, the phenomenon is disappearing.
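The encoding described in the comment above, as an added example that is not part of the original page and is not Apple's code: a small C decoder for the SMS user data field (TP-UD) that handles the three alphabets, the 140-octet payload limit, and a concatenation User Data Header, checking every sender-supplied length against the octets actually received before reading them. The bounds checks are the generic ones any such decoder needs; the page gives no details of the flaw Apple patched, and nothing here claims to reproduce it. The sample payloads are constructed, and GSM 7-bit septets are treated as ASCII for the sample text (an assumption; the real GSM 03.38 alphabet differs for some code points).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Limits from the encoding quoted above: 140 payload octets, 160 GSM 7-bit septets. */
#define SMS_MAX_UD_OCTETS 140
#define SMS_MAX_GSM7_CHARS 160

enum sms_alphabet { SMS_GSM7, SMS_8BIT, SMS_UCS2 };
enum { SMS_OK = 0, SMS_ERR_TOO_LONG = -1, SMS_ERR_TRUNCATED = -2, SMS_ERR_BAD_UDH = -3 };

struct sms_ud {
    int has_udh;
    uint8_t concat_ref, concat_total, concat_seq;  /* from UDH element IEI 0x00, if present */
    size_t nchars;
    uint16_t chars[SMS_MAX_GSM7_CHARS];            /* GSM7 septets taken as ASCII here (assumption) */
};

static int ceil_div(int a, int b) { return (a + b - 1) / b; }

/* Walk the User Data Header. Returns the octets it occupies (UDHL + 1) or -1 if
 * any sender-supplied length points past the bytes actually received. */
static int parse_udh(const uint8_t *ud, size_t ud_len, struct sms_ud *out)
{
    if (ud_len < 1) return -1;
    size_t end = 1 + ud[0];                         /* UDHL does not count itself */
    if (end > ud_len) return -1;
    for (size_t pos = 1; pos < end; ) {
        if (pos + 2 > end) return -1;               /* room for IEI and IEDL? */
        uint8_t iei = ud[pos], iedl = ud[pos + 1];
        if (pos + 2 + iedl > end) return -1;        /* element body overruns the header */
        if (iei == 0x00 && iedl == 3) {             /* concatenation with 8-bit reference */
            out->concat_ref = ud[pos + 2];
            out->concat_total = ud[pos + 3];
            out->concat_seq = ud[pos + 4];
        }
        pos += 2 + iedl;
    }
    return (int)end;
}

/* Decode TP-UD. udl is the TP-UDL field: septets for GSM7, octets otherwise.
 * ud/ud_len is what was physically received; every length derived from the
 * message is checked against it before a byte is read. */
int sms_decode_ud(enum sms_alphabet alpha, int has_udh, uint8_t udl,
                  const uint8_t *ud, size_t ud_len, struct sms_ud *out)
{
    memset(out, 0, sizeof *out);
    out->has_udh = has_udh;
    if (ud_len > SMS_MAX_UD_OCTETS) return SMS_ERR_TOO_LONG;
    int udh_octets = 0;
    if (has_udh && (udh_octets = parse_udh(ud, ud_len, out)) < 0) return SMS_ERR_BAD_UDH;

    if (alpha == SMS_GSM7) {
        if (udl > SMS_MAX_GSM7_CHARS) return SMS_ERR_TOO_LONG;
        if ((size_t)ceil_div(udl * 7, 8) > ud_len) return SMS_ERR_TRUNCATED;  /* UDL promises septets the octets cannot hold */
        int skip = ceil_div(udh_octets * 8, 7);     /* text resumes on the next septet boundary after the UDH */
        if (skip > udl) return SMS_ERR_BAD_UDH;
        for (int i = skip; i < udl; i++) {          /* unpack 7-bit septets, LSB first */
            int bit = i * 7, byte = bit / 8, shift = bit % 8;
            unsigned v = ud[byte] >> shift;
            if (shift > 1) v |= (unsigned)ud[byte + 1] << (8 - shift);  /* in bounds: guaranteed by the ceil_div check */
            out->chars[out->nchars++] = (uint16_t)(v & 0x7F);
        }
        return SMS_OK;
    }
    if (udl > ud_len) return SMS_ERR_TRUNCATED;     /* 8-bit and UCS-2 count octets, UDH included */
    if (udh_octets > udl) return SMS_ERR_BAD_UDH;
    const uint8_t *p = ud + udh_octets;
    size_t body = udl - udh_octets;
    if (alpha == SMS_8BIT) {
        for (size_t i = 0; i < body; i++) out->chars[out->nchars++] = p[i];
    } else {
        if (body % 2) return SMS_ERR_TRUNCATED;     /* a dangling octet is not a UCS-2 unit */
        for (size_t i = 0; i < body; i += 2) out->chars[out->nchars++] = (uint16_t)(p[i] << 8 | p[i + 1]);
    }
    return SMS_OK;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t SAMPLE_GSM7[] = { 0xE8, 0x32, 0x9B, 0xFD, 0x46, 0x97, 0xD9, 0xEC, 0x37 };  /* "hellohello", 10 septets */
static const uint8_t SAMPLE_UCS2[] = { 0x00, 0x48, 0x00, 0x69 };                                 /* "Hi" */
static const uint8_t SAMPLE_CONCAT[] = { 0x05, 0x00, 0x03, 0xAB, 0x02, 0x01, 'O', 'K' };         /* UDH: ref 0xAB, part 1 of 2, then "OK" */
static const uint8_t SAMPLE_BAD_UDH[] = { 0x20, 0x00, 0x03, 0xAB, 0x02, 0x01 };                  /* UDHL 0x20 but only 6 octets present */

static int text_is(const struct sms_ud *r, const char *s)
{
    if (r->nchars != strlen(s)) return 0;
    for (size_t i = 0; i < r->nchars; i++) if (r->chars[i] != (uint8_t)s[i]) return 0;
    return 1;
}

/* Each demo returns the decoded character count on success, the error code on rejection, -100 on wrong text. */
int demo_gsm7_plain(void) { struct sms_ud r; int rc = sms_decode_ud(SMS_GSM7, 0, 10, SAMPLE_GSM7, sizeof SAMPLE_GSM7, &r); return rc ? rc : text_is(&r, "hellohello") ? (int)r.nchars : -100; }
int demo_ucs2(void) { struct sms_ud r; int rc = sms_decode_ud(SMS_UCS2, 0, 4, SAMPLE_UCS2, sizeof SAMPLE_UCS2, &r); return rc ? rc : text_is(&r, "Hi") ? (int)r.nchars : -100; }
int demo_concat_8bit(void) { struct sms_ud r; int rc = sms_decode_ud(SMS_8BIT, 1, 8, SAMPLE_CONCAT, sizeof SAMPLE_CONCAT, &r);
    return rc ? rc : (text_is(&r, "OK") && r.concat_ref == 0xAB && r.concat_total == 2 && r.concat_seq == 1) ? (int)r.nchars : -100; }
int demo_truncated_gsm7(void) { struct sms_ud r; return sms_decode_ud(SMS_GSM7, 0, 160, SAMPLE_GSM7, sizeof SAMPLE_GSM7, &r); }  /* UDL claims 160 septets, 9 octets given */
int demo_bad_udh(void) { struct sms_ud r; return sms_decode_ud(SMS_8BIT, 1, 6, SAMPLE_BAD_UDH, sizeof SAMPLE_BAD_UDH, &r); }

int main(void)
{
    printf("gsm7 %d, ucs2 %d, concat %d, truncated %d, bad udh %d\n",
           demo_gsm7_plain(), demo_ucs2(), demo_concat_8bit(), demo_truncated_gsm7(), demo_bad_udh());
    return 0;
}
```

The point of the two rejected samples is the one the comment makes: the character count a decoder believes it has comes from fields the sender wrote (TP-UDL, UDHL, each IEDL), and its meaning changes with the alphabet, so every one of those values has to be reconciled with the octets that actually arrived before any copy or unpack loop runs on them.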
