Apple has pushed out the iPhone 3.0.1 update, defeating the SMS security hole that had been in the news of late. Security expert Charlie Miller found the hole and informed Apple of it a month ago, but until today, they had done nothing to combat it. He revealed the details of his hack at Black Hat, where hackers convene to make the public aware of security breaches that can be made relatively easily.
Apple’s security mailing list has this to say:
Available for: iPhone OS 1.0 through iPhone OS 3.0
Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.
The update is strictly for the iPhone, iPhone 3G and iPhone 3GS, and is 280 MB. If you haven’t already got it, there’s a chance you might have to wait as Apple’s servers generally see some slowdown as the millions of iPhone users simultaneously try to update their phones.