Report: Apple to Patch IPhone SMS Bug Saturday

Apple on Saturday will patch a critical vulnerability that lets hackers take control of users' iPhones by sending malicious text messages, according to a report by the BBC.

Apple on Saturday will patch a critical vulnerability that lets hackers take control of users' iPhones by sending malicious text messages, according to a report by the BBC.

iPhone Virus: What You Need to Know

In a story posted to its Web site early Friday, the BBC quoted a spokesperson for O2, Apple's exclusive carrier partner in the U.K., as saying that Apple would update the iPhone's software tomorrow.

"We will be communicating to customers both through the website and proactively," the O2 spokesperson told the BBC. "We always recommend our customers update their iPhone with the latest software and this is no different."

The patch will address a vulnerability disclosed Thursday by researchers Charlie Miller, an analyst with Independent Security Evaluators, and Collin Mulliner, from the Technical University of Berlin, at the Black Hat security conference in Las Vegas.

The Miller/Mulliner vulnerability, which Miller first discussed at a Singapore security conference earlier this month, allows hackers to hijack an iPhone using a series of malicious SMS (Short Message Service) messages. Miller and Mulliner demonstrated the flaw yesterday during a Black Hat presentation, showing how hackers could send apparently-harmless messages, as well as messages that the iPhone's owner never sees, to silently control smartphone features such as its camera or microphone.

Today, Miller said he wasn't in Apple's loop, and couldn't confirm that the company was planning to patch the vulnerability tomorrow. "They do it when they do it," he said, referring to Apple's patching process. Miller reported the bug to Apple on June 18. "So they've had it about six weeks," he said.

Apple and O2 did not respond to requests for confirmation or comment on the update.

If the O2 information is correct, Apple will make the iPhone update available in iTunes sometime Saturday. If it does, the fix will be the first update to the iPhone software since Apple unveiled Version 3.0on June 17.

Miller and Mulliner have published a research paper, Fuzzing the Phone in Your Phone ( PDF download) that spells out the vulnerability in the iPhone and other smartphones.

This story, "Report: Apple to Patch IPhone SMS Bug Saturday" was originally published by Computerworld.

Copyright © 2009 IDG Communications, Inc.

Discover what your peers are reading. Sign up for our FREE email newsletters today!