This is a very good point. It appears that Apple decided to release a patch during the Black Hat, however: http://support.apple.com/kb/HT3754
Juha-Matti Dragos Ruiu [[email protected]] kirjoitti: > But as C. Miller covered in his EUSecWest presentation "Owning your > Grandmother's iPhone" exploitation in a non-jailbroken environment is > substantially more complex. A lot of the tools from jail-breaking that > are leveraged to get command exec are just not there on the stock phone. > > cheers, > --dr > > On 31-Jul-09, at 8:12 AM, Juha-Matti Laurio wrote: > > > Details are being covered at > > http://www.theregister.co.uk/2009/07/31/smart_phone_hijacking/ > > > > ".... > > The bug resides in CommCenter, a service that's responsible for > > handling SMS, wireless and other functions in the iPhone. > > By default, it runs as root and isn't limited by an application > > sandbox. That makes it an ideal vector for taking control of the > > device. > > What's more, the messages are delivered automatically and often > > aren't easy for users to block. > > ...." > > > > Juha-Matti > > > > der Mouse [[email protected]] kirjoitti: > >>> "On Thursday, two researchers plan to reveal an unpatched iPhone bug > >>> that could virally infect phones via SMS. [...] > >> > >> Any betting Apple manages to get them gagged before they can > >> present? :( > >> > >> /~\ The ASCII Mouse > >> \ / Ribbon Campaign > >> X Against HTML [email protected] > >> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B > > _______________________________________________ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
