Alledged critical security vulnerability in iPhone SMS application
According to US media reports, Apple is working on an update for the iPhone to fix a possibly critical vulnerability in its SMS texting application. The vulnerability was described by security expert Charlie Miller as part of his presentation at the SyScan security conference in Singapore.
Using a specially crafted text, he was able to crash the SMS application on the iPhone. Miller later clarified "I have still to determine whether it's actually exploitable or not. This thing has the potential to be really serious, but I'm still looking at it and Apple is still looking at it".
The exploit through the SMS application is could potentially do a lot of damage; it runs with root privileges, unlike most other iPhone applications which have restricted privileges and are kept in a sandbox. If an exploit is found for the problem then an attacker could, for example, gain access to the phone's GPS co-ordinates or turn on the microphone and listen in on the phone owner.
Miller has not, however, revealed any further details of the vulnerability, due, he says, to an agreement with Apple. He may also be saving something for his forthcoming presentation at Black Hat towards the end of this month, which he will be giving in conjunction with Collin Mulliner. With a little luck, Apple will by then have released their update. Mulliner has also told heise Security that "there'll be something" for other smartphone operating systems at Black Hat.