Latest Episode
Play

Go Back   Keith and The Girl Forums Keith and The Girl Forums Talk Shite

Talk Shite General discussion

Reply
 
Thread Tools Display Modes
Old 07-27-2009, 01:00 PM   #1 (permalink)
Senior Member
2019 Marathon Kickstarter Backer24-hour Marathon 2018 Fundraiser Backer47-hour Marathon 2016 Kickstarter Backer
 
da_ticklah's Avatar
 
Join Date: Jan 2006
Location: Memphis 10
Posts: 1,534
But Apple has smarter Engineers and is more secure than Microsoft

So a bad guy can send an SMS to your phone and your phone is now infected. As these platforms get more popular people start poking at them and finding flaws.

Apple planning fix for iPhone SMS flaw | Tech Articles

Apple is making all efforts to fix an SMS handling vulnerability in its iPhone. Apple is concerned about the security flaw and is of the view that until the problem gets fixed, this could be used by an attacker for operating unauthorized code having absolute access to the device.

IDG News Service stated that Apple has been informed of the vulnerability and that it is working on a patch which is scheduled to be released before the Black Hat USA security conference is held. The SM vulnerability is slated for disclosure at this conference.

There was no immediate response from Apple when it was requested for comment. In the recent times, it was also heard that iPhone 3.0 software had 46 fixes for security vulnerabilities. Actually, iPhone 3.0 software is able to automatically launch the Safari browser in particular times; this feature makes iPhone highly user friendly, but also less secure at the same time. Apple has a paid a lot of attention to the usability factor, but this feature has made its iPhone prone to Wi-Fi hotspot hijacking. A malicious network poses as a risk for any connecting device. The automatic browser launch from iPhone has set the stage for aggravating the risk.

Black Hat security conference will be taking place in Las Vegas from July 25-30, and during this conference Independent Security Evaluators security researcher, Charlie Miller will be presenting information about the particular vulnerability.

At the SyScan security conference in Singapore, during an iPhone security presentation Miller already mentioned the vulnerability. According to IDG, he did not elaborate on the vulnerability referring to an agreement with Apple.

Miller also has plans to take part in two Black Hat presentations. The two presentations at the security conference will be “Fuzzing the Phone in your Phone” and “Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone”.

The presentation - Fuzzing the Phone in your Phone, will talk about the procedure of injecting SMS messages into iPhones Windows Mobile devices, and Android phones through a technique that is named fuzzing. The other presentation, titled Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, will provide an explanation of injecting unsigned code into a process address space of the iPhone.

In the Pwn2Own contest at CanSecWest security conference, Miller won Apple hardware this year as well as the previous year. He was successful in winning by exploiting Apple Safari Web browser’s unknown vulnerabilities of the past.
__________________
---
(Offline)   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 11:21 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
Keith and The GirlAd Management plugin by RedTyger