Apple May be Under Deadline to Fix iPhone Security Hole

Posted by:
Date: Friday, July 27th, 2007, 08:22
Category: iPhone

iphone.jpg
Apple may be under the gun to repair an iPhone security hole announced on Monday by security group Independent Security Evaluators.
The group, which discovered a security hole in which the iPhone could be manipulated into sending personal data from the handset provided the iPhone accesses a malicious web site, has promised to show how the hack was performed at the upcoming Black Hat 2007 security conference in Las Vegas next week.
According to Macworld UK, Apple is under pressure to release a first software patch for the handset. Historically, this task has been traditionally assigned to wireless carriers, a common task with mobile phones. Unfortunately, this also seems to have proven a heavy task for a wireless carrier to take on, as carriers have sometimes proven slow to patch software even in cases where prominent bugs are known.
“Right now other smart phones are full of vulnerabilities and they are not getting patched,” said Robert Graham, CEO of Errata Security. “This is actually a good test to see if Apple can do this better than the mobile carriers.”
Rumors have also surfaced that Graham’s business partner, David Maynor, who became infamous in 2006 by discussing details as to problems with Apple’s wireless cards, could be readying a “zero-day” iPhone attack. Via an e-mail interview, Maynor has hinted that this may happen; “We are trying to get something ready but there are no guarantees it will be stage-worthy in time,” he said. “After last year… we make sure that it’s painfully obvious or we don’t do it.”
Stay tuned for additional details as they become available.
And if you have thoughts on the iPhone or what you’d like to see in the first software update for the device, let us know in the forums.


iphone.jpg
Apple may be under the gun to repair an iPhone security hole announced on Monday by security group Independent Security Evaluators.
The group, which discovered a security hole in which the iPhone could be manipulated into sending personal data from the handset provided the iPhone accesses a malicious web site, has promised to show how the hack was performed at the upcoming Black Hat 2007 security conference in Las Vegas next week.
According to Macworld UK, Apple is under pressure to release a first software patch for the handset. Historically, this task has been traditionally assigned to wireless carriers, a common task with mobile phones. Unfortunately, this also seems to have proven a heavy task for a wireless carrier to take on, as carriers have sometimes proven slow to patch software even in cases where prominent bugs are known.
“Right now other smart phones are full of vulnerabilities and they are not getting patched,” said Robert Graham, CEO of Errata Security. “This is actually a good test to see if Apple can do this better than the mobile carriers.”
Rumors have also surfaced that Graham’s business partner, David Maynor, who became infamous in 2006 by discussing details as to problems with Apple’s wireless cards, could be readying a “zero-day” iPhone attack. Via an e-mail interview, Maynor has hinted that this may happen; “We are trying to get something ready but there are no guarantees it will be stage-worthy in time,” he said. “After last year… we make sure that it’s painfully obvious or we don’t do it.”
Stay tuned for additional details as they become available.
And if you have thoughts on the iPhone or what you’d like to see in the first software update for the device, let us know in the forums.

Recent Posts