Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple to Release Fix for iPhone SMS Vulnerability on Saturday?

daneoni said:
Probably gonna be a 3.0.1 not the 3.1 update
Click to expand...

Hopefully not, although you are probably right. I don't want to do a full OS update though because 1) it takes ages and 2) a "friend" might not want to erase that jailbreak status...
 
i wonder if we'll get a monthly patch cycle like MS does

i already joke with people that i'll be downloading service pack 1 for my cell phone soon
 
aldude said:
Hopefully not, although you are probably right. I don't want to do a full OS update though because 1) it takes ages and 2) a "friend" might not want to erase that jailbreak status...
Click to expand...

Your "friend" will still have to jailbreak again. It's still a full OS update, it does the same thing that updating to 3.1 would do.
 
I hope it's just a small patch for any iPhone OS version. I'd hate to think we'll be forced to upgrade to 3.0 if we don't want to. They could install the patch in a similar way the Carrier Settings updates are installed.
 
Etnies419 said:
Your "friend" will still have to jailbreak again. It's still a full OS update, it does the same thing that updating to 3.1 would do.
Click to expand...

Ah, but what if the updated full OS also contains some updates that prevented jailbreak, at least by current methods?
 
TheSpaz said:
I hope it's just a small patch for any iPhone OS version. I'd hate to think we'll be forced to upgrade to 3.0 if we don't want to. They could install the patch in a similar way the Carrier Settings updates are installed.
Click to expand...
Resistance is futile ... ;)
 
Apple to Release Fix for iPhone SMS Vulnerability on Saturday?



According to BBC News, an O2 spokesperson has revealed that Apple will be delivering an update on Saturday to address an iPhone SMS security vulnerability disclosed yesterday at the Black Hat cybersecurity conference in Las Vegas.
An O2 spokesperson said the patch would be available Saturday through iTunes.

"We will be communicating to customers both through the website and proactively," the spokesperson added.

"We always recommend our customers update their iPhone with the latest software and this is no different."
Click to expand...
The flaw reportedly affects not only the iPhone but also other phones running Windows Mobile and Google's Android operating system, although the iPhone has gained the most significant publicity regarding the issue due to its high-profile status.

As disclosed by Charlie Miller and Collin Mulliner, the vulnerability lies in the modification of data that accompanies text messages and is not seen by the user. Because most operating systems use similar mechanisms to handle SMS data, the vulnerability affects a range of operating systems and devices.
The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.

The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code.
Click to expand...
Google has reportedly already taken steps to address the issue, but there is no word on whether Microsoft or wireless carriers are also working to prevent the vulnerability from compromising their systems.

Article Link: Apple to Release Fix for iPhone SMS Vulnerability on Saturday?
 
Etnies419 said:
Your "friend" will still have to jailbreak again. It's still a full OS update, it does the same thing that updating to 3.1 would do.
Click to expand...

Who said it would be a full OS update? Thats false, they said it would be a patch, and it will likely be installed like the carrier setting files IMO.
 
benflick said:
Who said it would be a full OS update? Thats false, they said it would be a patch, and it will likely be installed like the carrier setting files IMO.
Click to expand...

That would be nice, but even if they REQUIRE 3.0.1 or 3.1 or whatever it is, I'll stay on 2.2.1. After the patch is issued, the hackers won't have much reason to attack anymore, thus making getting hacked a little more rare.
 
benflick said:
Who said it would be a full OS update? Thats false, they said it would be a patch, and it will likely be installed like the carrier setting files IMO.
Click to expand...

That might not do the trick. According to some sources (check e.g. MuscleNerd's Twitter) the vulnerability is part of the OS software, e.g. the control centre or springboard, so will need either a software patch or a full new OS containing patched bits. Seeing as Apple tends to release full OS as updates instead of just patches, it's probable that they'll do it that way this time too :(
 
So, Apple will fix tomorrow. I wonder how long it will take microsoft and google?
 
Exactly depends where the flaw lies, maybe in the SMS.app but more likely in the background comms stack services running to deal with incoming network protocal calls ... could even be in the baseband

It will be a 3.0.1 likely 'patch' but it will be a full 300Mb install update like normal ... doubt it something they can deploy with the carrier network settings
 
The speed at which they are releasing this patch after the vulnerability was made public makes a strong case that publicizing security vulnerabilities is a good thing. I'm sure Apple would have gotten around to fixing it eventually, but eventually isn't soon enough when it comes to security holes of this magnitude.
 
TheSpaz said:
That would be nice, but even if they REQUIRE 3.0.1 or 3.1 or whatever it is, I'll stay on 2.2.1. After the patch is issued, the hackers won't have much reason to attack anymore, thus making getting hacked a little more rare.
Click to expand...

Not to be contrary. But that's exactly the reason that there WOULD be someone trying an attack. Fact is - there are tons of people that never update their phone or even know updates are available. Some people just arent tech savvy yet have their cool device.


After the "hoopla" has died down - those that didn't update are vulnerable and easy pickings...
 
Hopefully its more than just patching that will be released in this update, maybe some bug fixes and speed enhancements
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back