Apple fixes iPhone SMS vulnerability that could have allowed hackers to take control of the iPhone.

Saturday, August 01, 2009: After a lot of hype, Apple has confirmed that it has released a software update to fix a vulnerability that could have allowed hackers to take control of the iPhone and use it for identity theft. The vulnerability was discovered by security experts at the Black Hat security conference, on Thursday.

As per the findings of Charlie Miller of Independent Security Evaluators and Collin Mulliner of Fraunhofer SIT — the security experts who found the flaw — the vulnerability would allow a hacker to gain control of the device by sending a single SMS.

The researchers said they notified Apple of the problem more than a month before their presentation at Black Hat. The company had yet to release the patch, so they decided to publicise their findings in an effort to push Apple to act, reports The New York Times.

“We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms,” an Apple spokeswoman said in a phone interview to PCMAG.com. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone.”

According to Apple security note, “A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution.”

Source: EFY Times