iPhone SMS Security Vulnerability to Be Disclosed Today

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jul 30, 2009.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]

    Forbes reports that cybersecurity researchers plan to publicize today at the Black Hat conference in Las Vegas a security vulnerability in the iPhone SMS messaging system that reportedly would allow hackers to in theory "take over every iPhone in the world".
    According to the report, researchers Charlie Miller and Collin Mulliner notified Apple of the vulnerability over a month ago, but the company has yet to issue a patch for it.

    Miller was the lead researcher behind an effort that discovered a vulnerability in the original iPhone soon after its 2007 launch, a flaw that Apple addressed with the release of iPhone OS 1.0.1 just two days before Miller was set to publicize his findings at that year's Black Hat conference.

    Article Link: iPhone SMS Security Vulnerability to Be Disclosed Today
     
  2. Cjr605 macrumors member

    Joined:
    Jul 10, 2008
  3. QCassidy352 macrumors G4

    QCassidy352

    Joined:
    Mar 20, 2003
    Location:
    Bay Area
    #3
    ...why would they publish this information? I'm not absolving apple of blame here, but come on. Just because you have freedom of speech doesn't mean it's not reckless to use it in a case like this.
     
  4. Padraig macrumors 6502a

    Joined:
    Dec 12, 2005
    #4
    To force Apple into sorting this out.
     
  5. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #5
    It happens all the time. Security people find holes, report it to the vendor, and they're given ample time to fix it. Apple are being slack, it's up to them to fix it, and quickly.
     
  6. NinjaHERO macrumors 6502a

    NinjaHERO

    Joined:
    Aug 29, 2008
    Location:
    U S of A
    #6
    Good, keep finding the holes and keep fixing them. The only way to make it safer.
     
  7. Rot'nApple macrumors 65816

    Rot'nApple

    Joined:
    Dec 27, 2006
    Location:
    I DID build that!
    #7
    Put a fire under Apple's feet for resolution, maybe?


    Yeah, President Bush had that same problem with the New York Times publishing reports that the Administration believed would harm national security. Didn't stop the Times...
     
  8. walnuts macrumors 6502a

    Joined:
    Nov 8, 2007
    Location:
    Brooklyn, NY
    #8
    It looks like apple would have preferred to just roll the fix into 3.1, and now this will force their hand (or they'll ignore it too...)
     
  9. uberamd macrumors 68030

    uberamd

    Joined:
    May 26, 2009
    Location:
    Minnesota
  10. 4np macrumors 6502a

    4np

    Joined:
    Feb 23, 2005
    Location:
    The Netherlands
  11. windywoo macrumors 6502a

    windywoo

    Joined:
    May 24, 2009
    #11
    "What are we going to do today Pinky?"

    "Same thing we do every day Brain, try to take over every iPhone in the world!"

    Overheard at the Black Hat conference.
     
  12. abrooks macrumors 6502a

    Joined:
    Sep 18, 2004
    Location:
    London, UK
    #12
    Anybody know if this is *already* fixed in 3.1?
     
  13. Diode macrumors 68020

    Diode

    Joined:
    Apr 15, 2004
    Location:
    Washington DC
    #13
    Zombie iphones on the loose!
     
  14. flapperdink macrumors member

    Joined:
    Jan 25, 2009
    #14
    if not, i'm sure it will now. perhaps this will push up the delivery date of 3.1
     
  15. Gregintosh macrumors 68000

    Joined:
    Jan 29, 2008
    Location:
    Chicago
    #15
    Good! Finally someone will light a fire under Apple's lazy butt. It's time Apple was held accountable for things like this. They need to realize that security issues that put their users at risk need to be taken care of ASAP -- that means not taking their sweet time to issue a fix. A month after they've become aware of it is RIDICULOUS.
     
  16. kornyboy macrumors 68000

    Joined:
    Sep 27, 2004
    Location:
    Knoxville, TN (USA)
    #16
    Wirelessly posted (iPhone: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16)

    This is crazy. I'm sure an update to fix this will come very soon.
     
  17. trunksu macrumors 6502

    Joined:
    Feb 21, 2008
    #17
    sometimes it feels like Apple is becoming more and more like Microsoft. but at least Microsoft would have patched it already :eek:
     
  18. netnothing macrumors 68040

    netnothing

    Joined:
    Mar 13, 2007
    Location:
    NH
    #18
    Actually, from the article, it seems Microsoft is just as bad!


    -Kevin
     
  19. 53buick macrumors member

    Joined:
    Aug 1, 2005
    Location:
    athens, ga
    #19
    i'm with you.
     
  20. TheSpaz macrumors 604

    TheSpaz

    Joined:
    Jun 20, 2005
    #20
    You guys are being really unfair towards Apple.

    Listen to me for a minute here:

    1. I read that this security hole has existed on EVERY version of the iPhone software to date.

    2. Nothing has happened since then... why should Apple have to rush the iPhone development to fix this?

    3. If this one dude had just told Apple about it and shut up, Apple would have fixed it with 3.1 and nobody else would have known.

    4. Now, everyone at this Black Hat thing is going to know how to execute this hack and Apple will probably be FORCED to release an unfinished update. Why would you want that?

    I just think it's very crappy to only give Apple a month to fix something that has been there for 2 years already. What a jerk.
     
  21. Shasterball macrumors 6502a

    Shasterball

    Joined:
    Oct 19, 2007
    #21
    Come on Apple. Fix it...

    At this point it is too late -- there's no way they can push a patch that people will install before this vulnerability is leaked and is out there for a while...
     
  22. quagmire macrumors 603

    quagmire

    Joined:
    Apr 19, 2004
    #22
    Couldn't they have waited until 3.1 to publicize this to see if Apple incorporated the fix into it?
     
  23. surf2snow1 macrumors regular

    Joined:
    Feb 26, 2008
    #23
    x3 apple will get this resolved. Although it would suck when your bill arrived and you didnt have a text messaging plan!
     
  24. mobi macrumors 6502

    mobi

    Joined:
    Jul 26, 2004
    Location:
    Penn's Woods
    #24
    Wow, this has the possibility to be big news...i'll be tuning in to this one.
     
  25. happydude macrumors 65816

    happydude

    Joined:
    Sep 2, 2006
    Location:
    a gasping dying planet
    #25
    agreed. i'm generally against people publicizing hacks others can then take advantage of, but if apple has known about this for a month or more, it needs to happen so they'll finally fix it. it's ridiculous for apple to not have patched this hole yet.
     

Share This Page

182 July 30, 2009