O2: Apple to patch iPhone SMS flaw this Saturday

British network operator O2 has issued a statement to the BBC confirming that Apple will fix a security issue with the iPhone on Saturday via iTunes.

Researchers revealed yesterday that they had discovered a flaw within Apple's iPhone SMS feature, an exploit that could allow a hacker access to your iPhone, disabling it and rendering it utterly useless.

The flaw was announced originally in early July and demonstrated yesterday by iPhone hacker Charlie Miller. Miller is a well known security researcher, famous for hacking a Macbook within seconds earlier this year at Pwn2Own 2009.

The flaw exploits an issue with the way the phone handles SMS messages. The attack developed by Miller works by exploiting a missing safeguard in the phones' SMS software that prevents code in the messages' text from overflowing into other parts of the device's memory where it can run as an executable program. Miller and his colleague Collin Mulliner plan to demonstrate how a series of 512 SMS messages can exploit the bug, with only one of those messages actually appearing on the phone, showing a small square. If you receive a text message on your iPhone any time before Saturday containing only a single square character, Miller advises turning the phone off as soon as possible.

The series of SMS messages will give hackers complete power over any of the smart phone's functions. This includes dialing the phone, visiting Web sites and sending SMS messages.

An O2 spokesperson confirmed to the BBC a patch would be available Saturday through iTunes. "We will be communicating to customers both through the website and proactively," the spokesperson added.

Updated: Apple has now released iPhone 3.0.1 to address the issues.

Report a problem with article
Previous Story

Microsoft blacklists leaked Windows 7 OEM key

Next Story

Win 7 Anytime Upgrade prices announced, EU & UK ripped off

4 Comments

Commenting is disabled on this article.

I'd like to see what will happen when someone without iTunes doesn't update their iPhone and sues apple down the road cause someone uses this exploit on their outdated phone.

Plus im kind of tired of hearing about this guy who hacked a macbook in a few seconds. Its like you are saying he turned it on, hit alt-f4 and got root access. Im sure he had it all scripted out anyways.

Only taken them about 6 weeks, what happens if the next flaw gets picked up by hackers working for crime organizations?

Beastage said,
Only taken them about 6 weeks, what happens if the next flaw gets picked up by hackers working for crime organizations?

then depending on how much the organization is paying apple... might take 12 weeks