A team of security researchers say they have discovered a security flaw in Apple's iPhone that would allow an attacker to take nearly complete control over a target device. The group, which works for consulting and assessment firm Independent Security Evaluators (ISE), is withholding technical details until August 2 in order to give Apple time to fix the problem. They do claim, however, to have successfully exploited the vulnerability, and have posted a video of an attack on their website. The vulnerability--known as a buffer overflow--lies in the Safari web browser built into the iPhone, said team member Charlie Miller.
By directing the browser to a web page containing malicious code, Miller says that his team has forced an iPhone to connect to a server and personal information contained on the device, including previous SMS text messages, contact information, call history, and voice mail data. By modifying the malicious code, an attacker could also have forced the phone to call out, send text messages, or record audio.
View:
The full story
News source:
CRN Read full story...
More...
Linear Mode
