August 05, 2009, 7:39 AM — Apple yesterday released version 3.0.1 of its iPhone OS, which includes a fix for a vulnerability found in the CoreTelephony component.
According to a post on Apple’s support site, the vulnerability could allow an attacker to execute code or cause an interruption in service if successful in sending a specific type of SMS message to a user. Specially crafted messages can cause a memory corruption on the phone when decoding the message.
Charlie Miller, principal analyst with Independent Security Evaluators who revealed the vulnerability at the Black Hat security conference last week, said the glitch could allow hackers to steal contact information and passwords, dial the iPhone, or send text messages.
Apple’s iPhone isn’t the only device that could suffer from such an attack; Miller said phones running Microsoft’s Windows Mobile and Google’s Android operating systems could also be affected. Google says the vulnerability in Android has already been fixed.
The iPhone OS update is available to all iPhone users via an iTunes download.
Do you tweet? Follow me on Twitter here.
