iPhone security slammed

Charles Miller, who first discovered an iPhone vulnerability that was patched by Apple in the iPhone 1.0.1 update, slammed the iPhone's general platform security during a presentation at the Black Hat conference in Las Vegas this week. Saying that his hack was not an isolated incident, Miller labeled Apple's security practices as poor, claiming that they have left the entire OS X platform (both the Mac and the iPhone) vulnerable.

A report in ChannelWeb quotes Miller: "Before they released the patch, I couldn't really say that much because I didn't want to give anyone enough to replicate the exploit. It was really frustrating, because a lot of people leapt to Apple's defense without really knowing the details. Everyone said, 'Oh, everyone gets bugs,' and 'Apple's good on security,' and 'They're better than Microsoft.' When you look at the details of this bug, though, the reality is that Apple's been negligent, I think."

He said that the most problematic Apple practice, from a security standpoint, is the regular inclusion in the OS X platform of older, outdated versions of open source code. Hackers can look at what flaws have been patched in newer releases, then write exploits based on the pre-existing vulnerabilities. Other security experts defended Apple's track record, however, noting that the company has patched serious flaws in a matter of days where Microsoft took several weeks for similar vulnerabilities.

Specifically, the vulnerability reported by Miller was one where viewing a maliciously crafted web page may lead to arbitrary code execution. Apple's description of the flaw is as follows: "Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions."

Via the exploit, attackers could gain access to the iPhone in one of three ways: any iPhone that automatically connects to an attacker-controlled wireless access point with the same name and encryption type as a trusted network would be compromised; an improperly configured forum on any website could allow insertion of the exploit; and iPhone users opening a link delivered via email or an SMS message could unknowingly open a hostile website.

Apple was under pressure to fix the security problem with the iPhone in a matter of days before briefings begin at the Black Hat 2007 conference

by MacNN Staff