Feeds

Apple drags its heels on iPhone security patches

Waiting for the second coming

Intelligent flash storage arrays

Apple has failed to keep software for the iPhone up to date with patches available for its desktop PCs.

The latest version of the software for the iPhone, 1.1.4, came out in February and is essentially a pared-down version of Mac OS 10.5, according to security researchers. As a result the Jesus phone is still vulnerable to an exploit demonstrated by Charlie Miller at the CanSec West security conference back in March. Miller used a bug in Apple WebKit, as used in versions of Safari prior to version 3.1.1, to win a $10,000 prize in the "Pwn to Own" contest at the conference.

Apple issued patches for its desktop machines in April but is yet to patch the Jesus phone.

Miller told the Washington Post that he's created a tool that exploits this vulnerability in the version of Safari running on the iPhone. In the wrong hands the utility could allow the theft of call records or contacts, providing a user of the phone is tricked into opening a maliciously constructed link. The approach might also be used to make outgoing calls from the device.

Other vulnerabilities involving Safari and the iPhone are in the pipeline, though they are not as critical. Security researcher Aviv Raff has discovered a security bug in the software combination that might allow phishing attacks. Raff is withholding details of the fix pending a security update from Apple.

In related news, security firm MX Logic reckons that iPhone-related scams will occur if demand outstrips supply of 3G versions of the iPhone, due to begin arriving on 11 July. Security watchers speculate that Apple has been focused on developing software for the next generation of the iPhone rather than addressing problems with version 1.x of the iPhone software. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
BEST EVER broadband? Oh no you DIDN'T, Sky – ad watchdog
Rival BT moaned that claim was misleading
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.