Apple to fix iPhone security flaw



Ben
31st July 2009, 02:12 PM
http://news.bbc.co.uk/1/hi/technology/8177755.stm

Apple is set to release a software patch to address a recently described security flaw in the iPhone, the UK network operator O2 has said.

Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network or hijacked altogether.

Phones incorporating the Windows Mobile and Google Android operating systems are also vulnerable, they said.

An O2 spokesperson said the patch would be available Saturday through iTunes.
...

miffed
31st July 2009, 03:16 PM
Patch eh? That's a bit tatty, isn't it? Surely we'll get a whole new firmware rather than mess around with patches?

Ben
31st July 2009, 03:48 PM
Weeeeeell, I guess we'll have 3.0.1 and it'll be a full update but described as 'bug fixes', with 3.1 to follow in a month or so? :S

getti
31st July 2009, 04:07 PM
Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network

Don't O2 already do that with their shoddy 3G network?

Ben
31st July 2009, 05:47 PM
Don't O2 already do that with their shoddy 3G network?
Lol, it's more than the 3G part that's shoddy of late.

Ben
31st July 2009, 09:15 PM
Yep, 3.0.1 :) http://www.theregister.co.uk/2009/07/31/iphone_sms_vulnerability_patch/

dgilbert2
31st July 2009, 09:15 PM
3.0.1 is now available on iTunes!

All 300Mb of it!!!

solo12002
31st July 2009, 09:34 PM
LOL

Well, that shut up all the iPhone users from slagging off Nokia OS, even if it's crap lol.

Ben
31st July 2009, 11:43 PM
lol I suppose Nokia have a wealth of experience when it comes to standards like SMS. How Windows Mobile, however, is affected is beyond me, and a real risk as Windows Mobile users have no clear update path!

blush
1st August 2009, 10:13 AM
Well, the update to 3.0.1 didn't go smoothly for me. Set the update going and came back a while later to error 1604. Rebooted PC and iTunes said iPhone was in recovery mode and after an age came back with error 1604 again. Had to use my netbook also running XP in the end and then a restore with the other PC. Got there in the end! Got to do the Mrs' phone next, hopefully that will be straightforward.

Hands0n
1st August 2009, 10:28 AM
It is indeed how this vulnerability affects the three OS, Windows Mobile, Android and OS X. It smacks of a core vuln in SMS itself that has only just been realised.

To think that it has always existed in Windows Mobile though! Why wasn't it discovered before? There are plenty enough of WM devices in the field!

Credit to Apple for closing the vuln off in such short time. Any info or news on the other two OS? And what of older WM for which there is no fee-free update path?

OS X and Android are best placed to resolve such vulns as and when they occur.

Ben
1st August 2009, 10:51 AM
It's just due to how these vendors have implemented SMS, afaik. Perhaps they share some sort of open library. SMS itself is pretty basic, and the exploit just tinkers with the UDH (User Data Header) which is a perfectly legitimate part of a text message used in things like SMS message concatenation (long/multipart SMS).

@blush - it bricked my friend's iPhone, too. Not sure what that's all about. She had to power off her Mac and power it back on again, and plug the iPhone into a different USB port. Can't remember if she needed to get into DFU mode in the end, but all's well that ends well.
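
The UDH layout mentioned in the post above, as an added example (not part of the original thread and not any vendor's code): a bounds-checked parser for the header and its concatenation element, following the field layout in 3GPP TS 23.040. The function, type and constant names are hypothetical, the sample bytes are constructed, and rejecting out-of-range part numbers is a strictness choice made here.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; layout per 3GPP TS 23.040: UDHL, then IEI/IEDL/IED elements. */
enum { UDH_OK = 0, UDH_TRUNCATED = -1, UDH_BAD_IE = -2, UDH_BAD_CONCAT = -3 };

struct concat_info { int present; uint16_t ref; uint8_t total, seq; };

/* ud points at the user data of a message whose UDHI flag is set. */
int parse_udh(const uint8_t *ud, size_t ud_len, struct concat_info *out)
{
    out->present = 0;
    if (ud_len < 1)
        return UDH_TRUNCATED;
    size_t udhl = ud[0];
    if (udhl > ud_len - 1)              /* header claims more than was received */
        return UDH_TRUNCATED;
    const uint8_t *p = ud + 1, *end = ud + 1 + udhl;
    while (p < end) {
        if (end - p < 2)                /* no room for IEI + IEDL */
            return UDH_BAD_IE;
        uint8_t iei = p[0], iedl = p[1];
        p += 2;
        if ((size_t)(end - p) < iedl)   /* element data overruns the header */
            return UDH_BAD_IE;
        if (iei == 0x00 || iei == 0x08) {   /* concatenation, 8- or 16-bit reference */
            size_t want = (iei == 0x00) ? 3 : 4;
            if (iedl != want)
                return UDH_BAD_CONCAT;
            out->ref = (iei == 0x00) ? p[0] : (uint16_t)((p[0] << 8) | p[1]);
            out->total = p[want - 2];
            out->seq = p[want - 1];
            if (out->total == 0 || out->seq == 0 || out->seq > out->total)
                return UDH_BAD_CONCAT;
            out->present = 1;
        }
        p += iedl;                      /* other elements are skipped by length only */
    }
    return UDH_OK;
}

int main(void)
{
    /* Constructed sample: UDHL=5, IEI=0x00, IEDL=3, ref=0x2A, part 1 of 2, then "Hi". */
    const uint8_t sample[] = { 0x05, 0x00, 0x03, 0x2A, 0x02, 0x01, 'H', 'i' };
    struct concat_info ci;
    return parse_udh(sample, sizeof sample, &ci) == UDH_OK ? 0 : 1;
}
```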

miffed
1st August 2009, 12:20 PM
Well, I am a little miffed by the upgrade TBH

The update was indeed 290mb (or thereabouts), which suggests a full upgrade - but installation was VERY quick for me, less than a minute to install (longer to verify though). And then on reboot there was a VERY quick sync (literally 10 seconds or so), but ALL my data was intact, even Jailbroken apps were all still present. There is no way this info had been synced over (no time!), I can only assume it was never removed! The firmware version now reads 3.0.1, and the only thing that had been removed was Cydia!

Interesting

Ben
1st August 2009, 12:25 PM
lol, hoping for more excitement, eh? :D

3.1 should be along soon!

miffed
1st August 2009, 02:09 PM
lol, hoping for more excitement, eh? :D

3.1 should be along soon!

LOL, no, just wondering why the 300mb file for what does appear to be a patch! Although I suppose the file is the complete OS and those currently running 3.0 would only need the patch - whereas people upgrading from previous versions need the whole lot?

Ben
1st August 2009, 03:10 PM
LOL, no, just wondering why the 300mb file for what does appear to be a patch! Although I suppose the file is the complete OS and those currently running 3.0 would only need the patch - whereas people upgrading from previous versions need the whole lot?
Lord knows to be honest, I'd have thought there would have been a more lightweight way of patching this sort of issue, too - downloading 300MB to correct what's probably a few lines of code seems a bit mental.

Incredible Apple coped with the demand! Their infrastructure has obviously improved considerably since the MobileMe debacle.

blush
1st August 2009, 04:42 PM
@blush - it bricked my friend's iPhone, too. Not sure what that's all about. She had to power off her Mac and power it back on again, and plug the iPhone into a different USB port. Can't remember if she needed to get into DFU mode in the end, but all's well that ends well.

@Ben, it bricked both our iPhones in the end, my 3GS and the Mrs' 3G. I noted two separate downloads for the different phones: 290mb for 3GS and 230mb for 3G I think. As you say it all came good in the end.