Security firm claims first iPhone exploit

iPhone SecurityThe popularity of the iPhone ensures that it’s going to be a target of unwelcome attentions, so the announcement this morning that a team of security researchers had allegedly discovered a vulnerability should not be shocking.

Independent Security Evaluators, the firm that did the investigation, claim to have found the hole in the iPhone’s version of Safari. It would allow for the execution of arbitrary code, run with administrative privileges. Such code can in theory do anything the iPhone can do, including sending text messages, stealing email passwords, or recording audio. The demo that ISE has concocted reads the SMS text log, the address book, the call history, and the voicemail data.

While this exploit should not be taken lightly, it’s important to note that it’s not in the wild: ISE has released a preliminary paper, with a full paper and presentation to be given at the BlackHat conference on August 2nd. They’ve notified Apple of the exploit along with a proposed fix. Also important to note is the potential attack vectors: since the vulnerability is in Safari, the user needs to click on a link or otherwise be directed to a malicious website, so it’s important to practice safe computing.

Category: News

Posted by Dan Moren on Jul 23 2007, 10:11 AM ET

ABOUT iPHONE CENTRAL

Get the latest news, reviews, and opinion about Apple's groundbreaking iPhone from the Apple experts at Macworld.

Want more information? Be sure to check out our complete iPhone coverage.

iPHONE QUESTIONS OR COMMENTS?

Send your iPhone thoughts:
via e-mail
via voicemail
and we may use them on the site.


BLOG ARCHIVE

CATEGORIES

Macworld iPhone Superguide
Buy now as PDF download, on CD-ROM, or as a printed book!

GET OUR NEWSLETTER

Subscribe to our weekly iPhone newsletter!