On the heels of a Black Hat conference demo of an iPhone hijack via text messages, Apple has shipped an iPhone update with patches for the security flaw.
The iPhone OS 3.0.1 update, available only via iTunes, addresses a memory corruption issue in the way the device decodes SMS (text) messages. Apple warned that a maliciously crafted SMS message may lead to an unexpected service termination or arbitrary code execution.
Apple credited Charlie Miller (of Pwn2Own fame) and Collin Mulliner with reporting the bug.
The patch came just 24 hours after Miller and Mulliner discussed details of the hack at this year’s Black Hat conference.
During the conference, SMS vulnerabilities took center stage with another pair of researchers demonstrating techniques to send MMS or SMS messages from spoofed addresses.
In one of the scenarios, Miras and Lackey wrote a specially crafted SMS notification message that looked as if it had come from the user’s carrier. Once opened, the message then forces the user’s phone to connect the attacker’s server instead of the carrier’s server to retrieve whatever content the attackers choose.
The pair also demonstrated a technique for redirecting a victim’s mobile Internet traffic to a proxy server that they control. By sending new configuration settings over the air to a victim’s phone, Miras and Lackey are able to point the phone to a proxy that they control, creating a man-in-the-middle attack that lets them monitor all of the Internet traffic to and from the phone.
The pair released tool called TAFT (There’s an Attack for That) that can be used to execute several different attacks.
