Two security researchers, Charlie Miller and Collin Mulliner, have discovered a serious security vulnerability on the iPhone and will present their findings later today at the Black Hat convention in Las Vegas.
Meanwhile, they have already demonstrated this flaw in action to CNET‘s Elinor Mills before the conference.
Here’s what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I’m talking to Miller and the next minute my phone is dead, and this time it’s not AT&T’s fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.
The attack is enabled by a serious memory corruption bug in the way the iPhone handles SMS messages, said Miller, a senior security researcher at Independent Security Evaluators. There is no patch, despite the fact that Apple was notified of the problem about six weeks ago, he said.