NOW READ THIS
("Security Advisory")
| Go Back |
Submitted by: Bill Hickey
NCVA List Master
NRT-0258 Researchers Claim First iPhone Vulnerability:
Three security researchers claimed to have found the first exploitable vulnerability in Apple's iPhone, a flaw that allows them to steal any data from the device or even to turn it into a remote surveillance tool. The trio has notified Apple of the vulnerability and given the company less than two weeks to fix the bug before presenting more information at the Black Hat conference on 02AUG07. According to a paper posted by the three, they rooted out a vulnerability in the iPhone's version of Safari using "fuzzing" tools and wrote a proof-of-concept exploit that can be delivered from a malicious web site or using "man in the middle" tactics to trick users into connecting to a malicious wireless access point. Once the exploit runs, the researchers said they would own the iPhone. In an email, an Apple spokeswoman would only say: "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We're looking into the report submitted by I.S.E. and always welcome feedback on how to improve our security." She declined to answer questions about the August deadline, whether Apple would issue a patch before then, or what the company thought of the way the trio disclosed the vulnerability.
(ComputerWorld 23Jul07)