Patch for critical iPhone bug released

An iPhone software patch is now available to fix the critical bug that makes your device susceptible to secret attacks by hackers.

On July 30 in the Black Hat conference in Las Vegas, researchers Charlie Miller and Collin Mulliner showed the audience how to break into iPhones by sending computer code via the phone’s SMS system. They said that the phone’s users cannot detect that it is receiving the malicious code. They had already warned Apple about it on July 18.

Miller and Mulliner found the flaw while they were looking for vulnerabilities in the SMS communications system. They said they wanted to go public because they wanted to warn iPhone users of the risk, as well as pressure the iPhone maker to fix the flaw.

Users of iPhone can now download the patch onto the computer using iTunes and install it on their devices by connecting it to their computer.

“There’s a real urgency for people to update their iPhones because of this wave of publicity. The race is on between those fixing the vulnerability and attackers seeking to exploit the issue,” Joris Evers, a spokesman for No. 2 security software maker McAfee Inc.  said.

Source: http://tech.yahoo.com/news/nm/20090731/wr_nm/us_iphone_security

U R UNDER ATTCK: Text messages can attack smartphones

In the Black Hat security show, researches demonstrated on Thursday how a smartphone can be “forced” to visit a malicious URL or install an app without the owner’s knowledge.

John Hering, chief executive of Flexilis which provides software that protect mobile phones from attact, said that the vulnerability affects phones that were misconfigured by the OEM so that they can accept any messages sent through WAP Push. He further said that users should only accept WAP Push messages from trusted parties such as their mobile phone operators.

He and Kevin Maheffey, Chief Technology Officer at Flexilis, are releasing a free tool – “Fuzzit” – so you guys can test whether your mobile is vulnerable and fix the issue.

Oh, and so far, the vulnerability only seem to span on Windows Mobile devices (including HTC, Motorola an d Samsung). The researchers said they haven’t determined yet whether the iPhone or other devices are also vulnerable.

No need to panic though, Microsoft as well as carriers were already notified and now have their hands full working on fixes. 🙂

Source: http://news.cnet.com/8301-27080_3-10300536-245.html?tag=mncol;txt