Apple is working on a security patch for the iPhone to fix a
vulnerability that could be exploited by cybercriminals.
The vulnerability in the way iPhones handle text messages was
demonstrated by independent security adviser Charlie Miller at the
SyScan
security conference in Singapore yesterday.
Miller demonstrated that he could use the vulnerability to
temporarily disconnect an iPhone from the network, but did not give
a detailed description of the attack method.
He has agreed with Apple to keep the details under wraps until
the
Black Hat security conference in Las Vegas on 25-30 July.
Apple has until then to fix the vulnerability, which Miller
warned could potentially be exploited to execute code on an iPhone
remotely.
If successful, criminals could potentially run code to monitor
the location of the phone using GPS, turn on the phone's microphone
to eavesdrop, and add the phone to a botnet, according to
Miller.
Miller, who has still to determine if this kind of attack can be
carried out, has said in
media interviews that the vulnerability could be "really
serious" and that Apple is investigating.
Apple did not respond to requests for information about the
iPhone vulnerability.