Apple has released version 3.0.1 of the iPhone OS software. This fixes the recently revealed SMS security flaw. The security hole was illustrated on Thursday by Charlie Miller at the Black Hat 2009 conference in Las Vegas.
iPhone owners can download and install the 3.0.1 update using iTunes immediately. Left unpatched, the problem makes it possible for iPhones to receive malicious binary programs through SMS messages without the user's knowledge.
These programs, once installed, can then give someone using the exploit complete control over the device.
A spokesperson for O2, the exclusive iPhone carrier in the United Kingdom, was expecting Apple to release the update on Saturday. A full update to iPhone OS 3.1 isn't expected to hit the streets until as late as September.According to Miller, "The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code."
He recommends two different methods to fix the problem, "The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code."
Newest iPhone FAQs
Apple has chosen the first solution, which makes sense. AT&T may not have the resources to deal with the issue.
Incidentally, iPhones aren't the only vulnerable mobile device. Windows Mobile and Google Android phones can both be attacked by the same method. According to reports, Google has already taken steps to deal with the problem.
Now that the 3.0.1 firmware has been released, be sure your iPhone is secure by installing the update with iTunes.