Apple patches iPhone security flaw
Security experts say they notified Apple 6 weeks ago
Hijacking an iPhone using a special kind of text message should no longer be possible once users apply a patch issued by Apple Friday, the company says.
"This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone," Apple said in a statement Friday afternoon.
"Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."
Security experts Charlie Miller and Collin Mulliner said they had notified Apple about the flaw six weeks before they demonstrated an attack using the flaw at the Black Hat security conference in Las Vegas Thursday.
Miller, a senior security researcher at Independent Security Evaluators, and Collin Mulliner, a PhD student at the Technical University of Berlin, said the attack is caused by a flaw in the way the iPhone handles SMS messages and does not require any action from the user or owner of the iPhone.
CBC technology columnist Jesse Hirsch described it this way: "If an SMS message comes in and instead of, say, normal English, had computer code that said please grant me access to all of your capabilities, it will do that," he said.
Once the hacker has taken control, he or she can make calls, steal data such as phone numbers in the user's contact list, and send text messages, including spam and copies of the code that can be used to disable and control other phones, Miller and Mulliner reported.
They said Android phones were also susceptible to an SMS attack that could disable the phone but wouldn't allow the attacker to take control. They added that Google fixed the flaw immediately after being notified of the problem.