San Francisco (CA) – Apple has patched a critical iPhone security flaw with a 300MB firmware update. The vulnerability – identified by Charlie Miller and Collin Mulliner – was disclosed during a ‘teachable moment’ at the Black Hat conference in Las Vegas.
According to Mulliner, hackers could exploit the flaw to prevent users from making calls, acccessing the Internet and exchanging text messages. The dynamic duo also confirmed that they had tested the vulnerability on four German carrier networks. The hacks – which are reportedly enabled by an SMS memory corruption bug – were also successfully implemented over the AT&T network in the US.
Nevertheless, Club Cupertino has attempted to downplay the threat posed by the vulnerability.
“Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit,” an Apple spokesman claimed in an e-mailed statement to the Wall Street Journal.
However, the company did admit that receiving a malicious SMS message could lead to service interruptions or random code execution.
“A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution,” Apple confirmed in an official statement. “This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.”
Firmware update 3.0.1 for the iPhone is currently available for download via iTunes.
