08/03/2007, 8:00pm, EDT
Friday, August 3rd
iPhone security slammed at Black Hat
Charles Miller, who first discovered an iPhone vulnerability that was patched by Apple in the iPhone 1.0.1 update, slammed the iPhone's general platform security during a presentation at the Black Hat conference in Las Vegas this week. Saying that his hack was not an isolated incident, Miller labeled Apple's security practices as poor, claiming that they have left the entire OS X platform (both the Mac and the iPhone) vulnerable.
A report in ChannelWeb quotes Miller: "Before they released the patch, I couldn't really say that much because I didn't want to give anyone enough to replicate the exploit. It was really frustrating, because a lot of people leapt to Apple's defense without really knowing the details. Everyone said, 'Oh, everyone gets bugs,' and 'Apple's good on security,' and 'They're better than Microsoft.' When you look at the details of this bug, though, the reality is that Apple's been negligent, I think."
He said that the most problematic Apple practice, from a security standpoint, is the regular inclusion in the OS X platform of older, outdated versions of open source code. Hackers can look at what flaws have been patched in newer releases, then write exploits based on the pre-existing vulnerabilities. Other security experts defended Apple's track record, however, noting that the company has patched serious flaws in a matter of days where Microsoft took several weeks for similar vulnerabilities.
Specifically, the vulnerability reported by Miller was one where viewing a maliciously crafted web page may lead to arbitrary code execution. Apple's description of the flaw is as follows: "Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions."
Via the exploit, attackers could gain access to the iPhone in one of three ways: any iPhone that automatically connects to an attacker-controlled wireless access point with the same name and encryption type as a trusted network would be compromised; an improperly configured forum on any website could allow insertion of the exploit; and iPhone users opening a link delivered via email or an SMS message could unknowingly open a hostile website.
Apple was under pressure to fix the security problem with the iPhone in a matter of days before briefings begin at the Black Hat 2007 conference
Filed under: Apple
, 
, 22
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
I know all these sites are fighting for page views, but shouldnt you earn then my having quality legitimate stories over a long period of time, instead of trying to grab page views with bullshit like this
1) " what is the motivation to go through all this to control an iphone temporarily?" Same as it would be for zombie nets. Your phone is a computer with a web browser. It can be directed to automatically open an ad site, it can be directed to go to a page that looks like AT&T asking you to enter your credit card info for revalidation, it can be directed to send every email address in your contact list to a spammer's database, or it can just be crashed beyond repair because some kid hates iphones.
2) "Until then, keep your yap shut" - speak fer yourself, bub. I'd rather know about potential issues on a mission-critical piece of kit like my iPhone *before* they become an issue. MacNN could have been more levelheaded and responsible about the posting, but this is MacNN and not some responsible news site.
3) "Instead its just one man's opinion" - You're right that it's only one man's opinion, but it's the opinion of a responsible security analyst with a doctorate who found a hugely serious issue on the iPhone and who by the way used to work for the NSA. I think if you don't take what he says seriously with his credentials, then you're just dangerously close-minded about Apple security and therefore irrelevant to any worthwhile discussion about security.