Apple has released iPhone OS 3.0.1, which is a minor update for iPhone 3.0, to fix SMS vulnerability, after security experts demonstrated the exploit at a top security conference (known as Black Hat). According to New York Times, the SMS exploit was discovered by two security researchers – Collin Mulliner and Charlie Miller. As claimed, the vulnerability will allow hackers to take over any iPhone and gain complete control with a simple SMS.

On Thursday, they demonstrated in a security conference and showed how they can take advantage of this exploit to hijack iPhone and gain complete control of it including making phone calls, visiting websites, taking photos with camera and even revealing personal information.

What’s more is that hackers can make use of the hijacked iPhone to send malicious SMS to other iPhones. So, theoretically, hackers can take over all iPhone in the world.

Due to the severity of the vulnerability, just a day after security researcher showed off the hijack, Apple releases a security patch (i.e. iPhone 3.0.1) to eliminate this vulnerability from iPhone:

We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms. This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.

iPhone users are advised to install this update immediately. For jailbroken iPhone user, iPhone Dev team has confirmed that iPhone 3.0.1 is jailbreakable and you can use the existing redsn0w to jailbreak this update.

0 comments