Apple expects to have a fix later this month for a vulnerability in the iPhone that could allow an attacker to gain control of the device remotely via SMS (short message service), a security researcher said on Thursday.
An attacker could exploit a weakness in the way iPhones handle SMS messages to do things like use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet, Charlie Miller, co-author of The Hacker's Handbook and principal security analyst at Independent Security Evaluators, said in a presentation at the SyScan conference in Singapore. The presentation was covered by IDG News Service.
Miller said that under an agreement with Apple, he was barred from providing too much detail on the vulnerability. He plans to give a more detailed presentation on the hole at the Black Hat conference in Las Vegas at the end of the month.
Despite the SMS hole, which "could be a critical vulnerability", the iPhone is more secure than OS X on computers, Miller said. That is because the iPhone doesn't support Adobe Flash and Java, only runs software digitally signed by Apple, includes hardware protection for data stored in memory, and runs applications in a sandbox, he said.
Apple representatives did not immediately respond to an e-mail request for comment.
This article was first published as a blog post on CNET News.
Play video
There are currently no comments for this post.