Apple patches iPhone SMS vulnerability
Apple today issued the iPhone 3.0.1 software update in response to a well-known vulnerability which could let a remote user hijack any iPhone with a simple series of SMS text messages.
This patch was actually expected to come before the Black Hat 2009 conference, where security researcher and co-author of The Mac Hacker's Handbook Charlie Miller exposed the methods of executing this hack.
It would have been a repeat of Black Hat 2007, when Miller demonstrated a WebKit security hole that allowed the hacker to obtain an iPhone user's personal information just days after Apple patched the iPhone for that very vulnerability.
This time however, the security patch wasn't issued until after Miller gave his presentation, which revealed how text messaging could be used to send binary code to the iPhone and allow remote code execution without alerting the user. All unpatched iPhones (any version) were vulnerable to attack in the meantime.
This morning, European network operator O2 said the patch was forthcoming, and Apple delivered on O2's promise later in the day, though it did not issue any comments about it.
It appears that the sole purpose of the 3.0.1 update was to fix this issue.