Because of the popularity of the iPhone security concerns with the device are oftenignored if not dismissed all together, especially when compared to the BlackBerry.   I’d be willing to bet, however,  that IT firms that allow users to access corporate email from their iPhones will listen intently to what researchers Collin Mulliner and Charlie Miller have to say about iPhone security going forward.

You see, these two gentlemen recently took complete control over the iPhone of Elinor Mills, senior technology writer for CNet, with an SMS message at the Black Hat Security Conference in Las Vegas.

Here’s what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I’m talking to Miller and the next minute my phone is dead, and this time it’s not AT&T’s fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.

My iPhone is not jailbroken and it is running iPhone OS 3.0.

The attack is enabled by a serious memory corruption bug in the way the iPhone handles SMS messages, said Miller, a senior security researcher at Independent Security Evaluators.

Apple was notified about the vulnerability which affects all versions of the iPhone OS about 6 weeks ago, however, no patch has been released to correct the issue as of yet.


An update, iPhone OS 3.0.1, which address this issue, has been realeased…