Apple Four Months Behind On iPhone Security Updates?
Apple has fallen behind on keeping the iPhone’s software up-to-date with security patches, according to The Register. While they have been keeping up with patches for the Mac to make sure no major security holes were left open, they have not been updating the iPhone’s software at the same pace. While the Mac was patched in April for the WebKit vulnerability exploited by Charlie Miller at the CanSec West security conference in March, the iPhone has yet to be patched since February, leaving it open to it and other exploits.
Miller’s exploit of the vulnerability won him the $10,000 prize in the “Pwn to Own” conference when he successfully gained complete control of a MacBook Air. Since then he’s created a tool to exploit the same vulnerability in the version of Mobile Safari running on the iPhone currently.
He claims that with a click of a link to a carefully coded page, an attacker can gain enough control over the device to do anything from steal their call records, contacts, send text messages on their phone or read their sent and received messages, and even make outgoing calls, among other things.
One theory that might explain Apple’s lagging behind with the security updates as of late, however, may be that they are waiting to roll out the new security with the upcoming 2.0 software expected to coincide with the iPhone 3G launch next week.