iPhone 3.0.1 Update Patches SMS Flaw
Just in case you thought Saturday was too long to wait for an iPhone security patch, no reason to worry: Apple on Friday released iPhone Software Update 3.0.1, which fixes the SMS vulnerability demonstrated at the Black Hat security conference on Thursday. Earlier on Friday, U.K. wireless operator O2 said Apple would release the fix on Saturday.
The flaw, disclosed by security researchers Charlie Miller and Collin Mulliner, could have allowed a vulnerable phone, such as an iPhone, to be taken over remotely. Apple attributes the flaw in the CoreTelephony framework to a memory corruption issue in the decoding of SMS messages, and credits the find to Miller and Mulliner.
The hefty software update -- yes, even an update with just one fix means downloading the entire OS again--is available via iTunes; the exact size varies depending on which version of iPhone is being updated. iPhone users can get the update by connecting their phones to their computers and clicking the "Check for Update" button in iTunes.
Once again, the world is safe for text messaging -- well, unless you're texting while driving; Apple has still issued no patch for stupidity. Now we can move on to other pressing issues, like when exactly AT&T will deign to roll out the multimedia messaging we've all been waiting for since June.