Apple's iPhone Executes SMS Binary Code as Root, Fix Won't Come Until End of Month

From DailyTech: Recently, Apple has struggled with the security ramifications of a higher commercial profile, and seeing an increasing number of OS X malware. Now another security flaw has been found, this time in the iPhone OS. The flaw allows attackers to gain root access to the iPhone's underlying OS, allowing them to install and execute malicious programs at will.

The iPhone apparently automatically executes binary code sent in SMS messages. Messages are limited to 140 bytes, but this is little deterrence as longer programs can be broken up into several messages, which the phone automatically reassembles. While other applications such as the Safari browser on the phone only enjoy access to their sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.

Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday introduced the vulnerability to the public. He declined to go into specific details or offer his proof-of-concept code to the public, as he has entered under an agreement with Apple. Mr. Miller did state, "SMS is a great vector to attack the iPhone."

View: Article @ Source Site