iPhone: Google Talk, new security threats

Google is making its Google Talk instant-messaging application available for Apple's iPhone and iPod Touch, however these new applications come in light of new security scares.

Google is making its Google Talk instant-messaging application available for Apple's iPhone and iPod Touch, however these new applications come in light of new security scares.

One of Google's software engineers revealed the news about Google Talk in a blog on Wednesday.

"In addition to sending your friends Gmail messages from your iPhone, you can now chat with them while you're on the move," Adam Connors, of Google's mobile team said in the blog.

The application doesn't require any software to be installed or downloaded. Instead it works within the phone's browser, so users can simply go to the site www.google.com/talk, sign in, and start chatting.

Connors pointed out that there are a few differences when using Google Talk on the iPhone versus a computer. For one, to receive messages, the application needs to be open on the Safari phone browser. When users navigate away from the Google Talk window in the browser, their status is set to "unavailable."

That said Google has tried to keep the experience close to what users experience on their desktop or laptop computers. They can select contacts from a quicklist, search contacts, and manage conversations.

However, while Apple continues to release new applications for the iPhone, a leading Mac OS X researcher says Apple has not kept the iPhone operating system up to date with patches it has issued for the desktop.

The iPhone runs a stripped-down version of Mac OS 10.5 and automatically checks for security updates. The last update for the phone, 1.1.4, was issued in February.

That means iPhone users are still vulnerable to a flaw discovered by Charlie Miller in March.

During the CanSecWest conference, Miller found and used a buffer overflow in Safari in the Apple WebKit to win a US$10,000 " Pwn to Own" contest. Apple patched Miller's Safari vulnerability for the desktop in April, but so far has not issued a similar patch for the iPhone.

Miller told the Washington Post recently he has an exploit of the flaw that will work on the iPhone. Meanwhile, Ryan Naraine from ZDNet.com.au's US branch ZDNet.com points out that there's another upcoming iPhone exploit expected soon from Aviv Raff.

Speculation within the security community is that Apple is currently focused on the 3G version of the iPhone. Upgrades to current iPhones may be pushed out in advance or concurrent with the July 11 release of iPhone 2.0. Apple did not respond to requests for comment on its software security policies.