Feeds

Apple drags its heels on iPhone security patches

Waiting for the second coming

New hybrid storage solutions

Apple has failed to keep software for the iPhone up to date with patches available for its desktop PCs.

The latest version of the software for the iPhone, 1.1.4, came out in February and is essentially a pared-down version of Mac OS 10.5, according to security researchers. As a result the Jesus phone is still vulnerable to an exploit demonstrated by Charlie Miller at the CanSec West security conference back in March. Miller used a bug in Apple WebKit, as used in versions of Safari prior to version 3.1.1, to win a $10,000 prize in the "Pwn to Own" contest at the conference.

Apple issued patches for its desktop machines in April but is yet to patch the Jesus phone.

Miller told the Washington Post that he's created a tool that exploits this vulnerability in the version of Safari running on the iPhone. In the wrong hands the utility could allow the theft of call records or contacts, providing a user of the phone is tricked into opening a maliciously constructed link. The approach might also be used to make outgoing calls from the device.

Other vulnerabilities involving Safari and the iPhone are in the pipeline, though they are not as critical. Security researcher Aviv Raff has discovered a security bug in the software combination that might allow phishing attacks. Raff is withholding details of the fix pending a security update from Apple.

In related news, security firm MX Logic reckons that iPhone-related scams will occur if demand outstrips supply of 3G versions of the iPhone, due to begin arriving on 11 July. Security watchers speculate that Apple has been focused on developing software for the next generation of the iPhone rather than addressing problems with version 1.x of the iPhone software. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Net neutrality fans' joy as '2.3 million email' flood hits US Congress
FCC invites opinions in CSV format, after Slowdown day 'success'
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.