In a presentation at a conference today, Mac security expert Charlie Miller highlighted a security issue in the iPhone OS that could allow root access to malicious code via SMS.
Due to an agreement with Apple, Miller did not go into detail about how the security breach could be utilized. What is known is that malicious code received via SMS could be run on an iPhone, allowing activities like GPS monitoring, eavesdropping via the built-in microphone, and more.
The iPhone OS has been a relatively secure platform to date, though SMS on the iPhone is unique in that it allows root access that other built-in applications, such as Safari, do not. Ironically, the iPhone’s limitation that prevents 3rd-party applications from running in the background – a limitation often maligned by users and critics alike – makes the iPhone generally more secure since it allows even less access to the phone’s functionality.
Apple is reportedly working on addressing this vulnerability, with plans to release it later this month. Miller is scheduled to talk in more detail about the vulnerability at the Black Hat conference at the end of July after the fix has been released.
[via MacNN]
