Over at the SyScan conference in Singapore, security researcher Charlie Miller cited his discovery of a new significant exploit in the iPhone’s SMS system. The flaw may “allow an attacker to remotely install and run unsigned software code with root access to the phone.”
“The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator’s network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet.”
According to HotHardware, it’s unlikely that there could be any risk of a wide-spread attack on iPhones, though the high number of iPhone handsets out there make it an issue. Miller has agreed with Apple to wait until Black Hat USA expo in Las Vegas later this year to release the details of the exploit, giving Apple a window of time to patch the exploit.