I didn't mean that they'll patch the Carrier Settings... I just thought maybe it will be a quick install like the Carrier Settings patch.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple to Release Fix for iPhone SMS Vulnerability on Saturday?
- Thread starter aldude
- Start date
- Sort by reaction score
I didn't mean that they'll patch the Carrier Settings... I just thought maybe it will be a quick install like the Carrier Settings patch.
It was posted today on the O2.ie forums that the patch will be released tonight by 11pm Irish time. You can see the post from the O2 moderator here:
http://forums.o2online.ie/forums/showthread.php?t=5196
http://forums.o2online.ie/forums/showthread.php?t=5196
It sounds like O2's going to be texting users urging them to update. We received a text advertising 3.0 so I would image they would do this to draw attention to the update.
Personally, I was finding it hard to work out why the media would actively tell people how to exploit such major security holes as this but if it is a ploy to prioritise the fix at Apple or whoever then it appears to have worked. Apple could end up coming out of a bad news story smelling of roses. (Of course no news/publicity is bad news
)
Funny how O2 knows about it first but that's probably so they can prepare their people for its imminent release.
Personally, I was finding it hard to work out why the media would actively tell people how to exploit such major security holes as this but if it is a ploy to prioritise the fix at Apple or whoever then it appears to have worked. Apple could end up coming out of a bad news story smelling of roses. (Of course no news/publicity is bad news
)Funny how O2 knows about it first but that's probably so they can prepare their people for its imminent release.
First, they need to know a few things.
Your phone number.
Is it an iPhone?
Is it running unpatched sofware?
Send 500+ text messages to you
Am I right?
Meanwhile
Meanwhile, the AT&T work experience student is carefully changing everyone's account to allow pictures to be sent via SMS, which now won't work as the security hole plugged totally breaks AT&T's process ..
They blame Apple and we wait another year so they can get it right ...
Meanwhile, the AT&T work experience student is carefully changing everyone's account to allow pictures to be sent via SMS, which now won't work as the security hole plugged totally breaks AT&T's process ..
They blame Apple and we wait another year so they can get it right ...
Yeah Apple decided to nothing about it and then within a couple of days of the disclosure they suddenly decided to research, develop, test and release a fix.
Just like all of these other security issue that they decided to nothing about until the exploit was disclosed ...
http://support.apple.com/kb/HT3639
http://support.apple.com/kb/HT3318
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT2351
http://support.apple.com/kb/HT1312
Wake up... Apple has been working on this fix for as long as it took to develop, test and stage for deployment and aligned it to a release vehicle that could get it to customers.
This issue should have never existed in the first place... Apple should have done a better job up front but nothing they can do about that now. They are responding to this issue responsible and promptly.
if you spend some money on some commercially available data it should be no problem to find this out. and all cell phones with SMS have this issue so it's not like you only have to target iPhone users.
most viruses these days come from organized crime in other countries and it shouldn't be a big deal to do this to hack phones
Maybe the evil ones could set up an autodialler that sends SMS to millions of numbers, some of those are possibly unpatched iphones. Once you get into one, the vulnerability apparently could expose the victim's address book which might reveal other iphone numbers, etc... also, I get plenty of spam texts so people's numbers are known to certain parties and are probably used as a revenue generator for the network operators, e.g. they sell your number to third parties.
So.... there's a theoretical threat.
That's not any different then it would be now. Except now - there's a heightened awareness of the bug/virus/vulnerability. In 6 months from now after the patch - those that didn't update or didn't even know about an update will be even further from figuring out what went wrong.
TheSpaz - right now - if your phone started wacking out after getting a text - you'd immediately figure it was this vulnerability. In 6 months, perhaps not YOU specifically - but others might not add it up and get the same conclusion. They'll just see their phone bugging out and not know why.
The txt messages (btw) aren't necc. visible either. They can and from what I read - in the background never seen by the user.
Additionally - if you read the articles - you'd know it's not JUST the iphone.
Again - I am not trying to be contrary. I am merely saying that just because the patch is offered - doesn't mean the people that would launch an attack would quiet down. If anything - it might make it more fun/challenging to see who they can hijack.
A good model are virus definition files. Lots of people fail to update their anti-virus software. And clearly there are still attacks using methods which were "patched"
One thing I find interesting is that the Blackberry OS seemingly remained immune to this one, while the iPhone OS and Windows CE both fell. I guess even though the BB OS is the least enjoyable mobile OS to actually use, it is the best for paranoid corporations with data to protect from those m3g4 l33t haX0rs.
Then what was yesterday's report saying that this issue was addressed shortly after the v1 iPhones release? By addressing it, that means that Apple did something about it with iPhone OS 1.0.1 in 2007, or it wasn't a priority until 2009?
Am I the only one on this site who doesn't really care about this whole thing? Go ahead, "hack" me. I've decided I'm not going to update my phone with the supposed patch on Saturday, I'll leave it on 3.0 until 3.1 is released and the Dev-Team tools for it are released as well.
Hey! Here's an idea! Lets figure out how to hijack iPhones and then show the world! That's a good idea! How long have GSM phones been operating? Years right?
Also, where did you hear that you use the exact same hacking method for all phones?
if you do get hacked and you have financial info on your phone then the hackers may be able to access it. and if they turn your iphone into a zombie it's going to kill your battery, and maybe cause AT&T to disconnect you from their network
C'mon, get a grip. Apple most likely had the patch already in place for the 3.1 release. They could either release 3.1, or an interim. They most likely started working on the patch right after they verified the problem back when they were notified. They didn't develop a fix in 2 days. Until it became public, they didn't see a need to patch before the release of 3.1.
So, for all of the Paranoia out there........ don't throw your phones onto eBay quite yet.
So, for all of the Paranoia out there........ don't throw your phones onto eBay quite yet.