iPhone update fixes 'SMS of death' vulnerability

Filed Under: Apple, Mobile, Vulnerability

iPhone SMS
Apple has released an update to its iPhone operating system to protect against a vulnerability that could potentially allow criminals to hijack users' phones with malicious intent.

The flaw, which relies upon hackers sending booby-trapped SMS messages to the intended victim, was demonstrated at the BlackHat conference in Las Vegas earlier this week, generating much publicity for security researchers Charlie Miller and Collin Mulliner who uncovered the problem.

The good news is that it's not believed that any hackers have yet exploited the vulnerability in a malicious attack. But clearly Apple realised that there was a genuine danger of cybercriminals using the exploit for their own ends. Certainly the headlines about the iPhone flaw would have caught the attention of some malicious hackers, so it's good to see that Apple has now released a fix.

Apple's iPhone OS 3.0.1 update claims to fix the vulnerability through improved error-handling:

Details of iPhone SMS vulnerability from Apple

To update your iPhone, plug it into your computer and choose the "Check for Update" option in iTunes.


You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.