Unlike the last so-called "security threat" that was posted by an anonymous blogger claiming to have created an exploit for OS X, which he took back the same day as he was unable to prove it (and refused to send the "threat" to Apple therafter)due to increased pressure from Mac users...this vulnerability, actually has some significant and serious thought behind it.
Reported by The New York Times (online edition), and discovered by researchers at a security firm Independent Security Evaluators, this vulnerability will take advantage of the iPhone from visiting a malicious website, or through a WiFi hotspot. In detail, the exploit can read the log of SMS messages, address book, call history, voicemail data and transmit it to the malicious site.
The researchers, working for Independent Security Evaluators, a company that tests its clients' computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.
Apple has apparently been notified of this vulnerability as of this finding, and an Apple representative has replied:
A spokeswoman for Apple, Lynn Fox, said, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."
"We're looking into the report submitted by I.S.E. and always welcome feedback on how to improve our security," she said.
There is no evidence so far however, that this flaw had been exploited or that users have been affected. It is, at this stage, still a proof of concept vulnerability only. A personal statement from the finder of the vulnerability on the iPhone hereafter:
It's not the end of the world; it's not the end of the iPhone" and it appears it hasn't changed their enjoyment of the iPhone itself. Even the security firm's founder states that while he may more cautious about using a random public WiFi network, "you'd have to pry it out of my cold, dead hands to get [the iPhone] away from me.
Recommended Comments
There are no comments to display.