July 2007 Entry 6
Silliness aside, the New York Times reported yesterday that a team of security researcher at Independent Security Evaluators (ISE) has uncovered an exploit on the iPhone. It is done through the Safari browser. The same flaw exists in the Mac and Windows versions of Safari, but no tests have been done to see if the exploit will work on those platforms. Details of the vulnerability have been turned over to Apple, so the ball is in their park, now.
Apple's stock actually dropped a bit at this news, which is a really silly reaction. The iPhone is basically a hand held computer. More so than many other phones. Vulnerabilities are going to happen, and will have to be dealt with. Are you going to get rid of your iPhone because of this? I think Aviel D. Rubin, founder of ISE, said it best: "You'd have to pry it out of my cold, dead hands to get it away from me."
Update: Originally I didn't mention the severity of this vulnerability. I didn't do it intentionally, but that was information I should have included. There are no exploits for it in the wild yet, but if any appear before it is patched, you can lose control of your iPhone. Completely. A person who takes advantage of this vulnerability can do anything they want with your phone. So this is potentially very serious. If you have an iPhone, keep up with your Apple provided updates. Since they don't have to worry about 3rd party apps and drivers, they should be able to get a patch out pretty quick.
ISE's page on the iPhone vulnerability
No comments:
Post a Comment