Researchers at Independent Security Evaluators have discovered two security vulnerabilities in the Apple iPhone. The vulnerabilities were found in the Safari browser using a technique called “fuzzing”.
The first exploit requires the user to visit a maliciously coded website using the Safari browser. As soon as the user gets there, all the data on the device, such as call history, voice mail information, SMS texts, contact information, e-mails, the browser’s history and even passwords, could be accessed and collected by the remote attacker.
The second exploit, which was developed by the researchers themselves, also requires the user to visit a maliciously coded website. The exploit causes the iPhone to vibrate and play a system sound. It is also capable of making the iPhone send a text message, dial a phone number, and turn on the microphone, enabling the remote attacker to eavesdrop on any ongoing conversations.
Apple has been informed of the iPhone exploits, and the researchers have provided a patch that will most likely be included in a firmware update.
If you own an iPhone, here are some safety measures you can take:
- Only visit sites you trust.
- Only use WiFi networks you trust.
- Don’t open web links from emails.
You can read the general information regarding the exploits here. Full disclosure of the iPhone exploits will be presented at the BlackHat convention in Las Vegas next month.