The new Apple iPhone was the talk of the town at the Black Hat Security Conference in Las Vegas on July 30th of this year, but unfortunately it wasn't due to the sleek design or touch-screen function, but because of a serious SMS-related security flaw in the iPhone's design.
At the conference, security researchers Collin Mulliner and Charlie Miller demonstrated how they were able to force specific types of smartphones to visit malicious websites or install an application without user approval. This vulnerability appears to only affect those phones that have been misconfigured by the original equipment manufacturer.
At the time, the researchers had yet to determine whether or not the Apple iPhone or other devices were vulnerable, but since then it has been confirmed and now it would seem that Apple has done something about it. "We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms," Apple representative Tom Neumayr told CNET.
"This morning, less than 24 hours after a demonstration of this exploit," Neumayr continued, "we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."
Apparently the flaw not only allowed unauthorized users to send links to malicious websites and cause users to install applications without consent, but it also allowed a hacker to take control of an iPhone remotely. The flaw could have let them make calls, send text messages, or almost anything they wanted on the victim's iPhone. This is quite a frightening thought if you are the user of a new iPhone.
Since then, Apple has released the iPhone 3.0.1 firmware update, which improves the device's memory handling, essentially fixing the exploit. The update is available by plugging your iPhone into your computer and clicking on the "Check for Update" button in iTunes and then continue to sync your iPhone to upload the newest firmware to the device.