Jul 31 2009
iPhone SMS Hack Patch Available
 

Apple has responded to the iPhone SMS hack by releasing a patch which addresses the vulnerability.

More details on the hack:
https://victorcaballero.com/iphone-hack/

More details on the Apple iPhone SMS Hack Patch:

Apple.com
How to patch your Apple iPhone:

1. Launch Apple iTunes on Windows or Mac, make sure you are running the latest version.
2. Connect your iPhone. Wait for it to sync or cancel by sliding the bar on the iPhone.
3. Select your iPhone by clicking on it under Devices.
4. Click the Check for Update button.
5. You’ll get a popup that asks if you want to install iPhone software version (3.0.1). Click Download and Install.
6. Click Next and then Agree on the software license agreement popup.
7. It will take a few minutes to download the software, backup the iPhone and install the update. During the process, the iPhone will reboot a couple of times, so don’t be alarmed with activity on the iPhone. Once it is finished, the status bar of iTunes will read that the iPhone sync is complete.

There is an imminent update iPhone OS 3.1 coming, so keep on the lookout.

Dev Team is in Vegas for devcon right so they are busy. Saurik has confirmed this in main screen of Cydia. He also notes that he is working on special project that will simplify upgrading jailbroke phones.

The iPhone DevTeam just got their google voice number and made it public for anybody to use it. You can call them at (347) DEV-TEAM or (347) 338-8326.

Number was made it public on twitter a couple of minutes ago by iPhoneDev , a member of the iPhone DevTeam.

https://support.apple.com/kb/HT3754
About the security content of iPhone OS 3.0.1
Last Modified: July 31, 2009
Article: HT3754
Summary
This document describes the security content of iPhone OS 3.0.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see “How to use the Apple Product Security PGP Key.”

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see “Apple Security Updates.”

Products Affected
iPhone, Product Security
iPhone OS 3.0.1
CoreTelephony

CVE-ID: CVE-2009-2204

Available for: iPhone OS 1.0 through iPhone OS 3.0

Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution

Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.

The 3.01 patch is 297.9MB.

Share

Written by

View all posts by: