Feeds

Apple drags its heels on iPhone security patches

Waiting for the second coming

Secure remote control for conventional and virtual desktops

Apple has failed to keep software for the iPhone up to date with patches available for its desktop PCs.

The latest version of the software for the iPhone, 1.1.4, came out in February and is essentially a pared-down version of Mac OS 10.5, according to security researchers. As a result the Jesus phone is still vulnerable to an exploit demonstrated by Charlie Miller at the CanSec West security conference back in March. Miller used a bug in Apple WebKit, as used in versions of Safari prior to version 3.1.1, to win a $10,000 prize in the "Pwn to Own" contest at the conference.

Apple issued patches for its desktop machines in April but is yet to patch the Jesus phone.

Miller told the Washington Post that he's created a tool that exploits this vulnerability in the version of Safari running on the iPhone. In the wrong hands the utility could allow the theft of call records or contacts, providing a user of the phone is tricked into opening a maliciously constructed link. The approach might also be used to make outgoing calls from the device.

Other vulnerabilities involving Safari and the iPhone are in the pipeline, though they are not as critical. Security researcher Aviv Raff has discovered a security bug in the software combination that might allow phishing attacks. Raff is withholding details of the fix pending a security update from Apple.

In related news, security firm MX Logic reckons that iPhone-related scams will occur if demand outstrips supply of 3G versions of the iPhone, due to begin arriving on 11 July. Security watchers speculate that Apple has been focused on developing software for the next generation of the iPhone rather than addressing problems with version 1.x of the iPhone software. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?