Apple Zaps SMS Vulnerability With 3.0.1 iPhone Firmware

Apple has released a patch on Friday to cater for the now-public SMS exploit that could have allowed hackers to take complete control - at least as a proof of concept - of any iPhone device.

More than 40 million iPhones could have been exposed to this rather serious security vulnerability which was exposed last week by two security specialists - Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin - at the Black Hat conference in Las Vegas.

The hack - which also affects older iPhone OS editions - would have allowed criminals to make calls and send texts unbeknown to the users as well as downloading confidential data without the user knowledge.

iPhone 3.0.1, otherwise known as CVE-2009-2204, will solve a memory corruption issue that exists in the decoding of SMS messages and is triggered upon receiving a maliciously crafted SMS.

This may lead to an "unexpected service interruption or arbitrary code execution" and this appear to have been solved through "improved error handling" from Apple developers. The latter were apparently aware of it for the last six months.

Other smartphones as well including those on the Android and Windows Mobile platforms are also affected by the same weakness. Google has already released a fix for the Android platform while Microsoft is working on one to be released soon.