July 3, 2008 2:22 PM PDT

Researcher faults Apple iPhone on security updates

by Robert Vamosi
  • Font size
  • Print
  • 2 comments

A leading Mac OS X researcher says Apple has not kept the iPhone operating system up to date with patches it has issued for the desktop.

The iPhone runs a stripped-down version of Mac OS 10.5 and automatically checks for security updates. The last update for the phone, 1.1.4, was issued in February.

That means iPhone users are still vulnerable to a flaw discovered by Charlie Miller in March.

During the CanSecWest conference, Miller found and used a buffer overflow in Safari in the Apple WebKit to win a $10,000 "Pwn to Own" contest. Apple patched Miller's Safari vulnerability for the desktop in April, but so far has not issued a similar patch for the iPhone.

Miller told the Washington Post recently he has an exploit of the flaw that will work on the iPhone.

Meanwhile, ZDNet's Ryan Naraine points out that there's another upcoming iPhone exploit expected soon from Aviv Raff.

Speculation within the security community is that Apple is currently focused on the 3G version of the iPhone. Upgrades to current iPhones may be pushed out in advance or concurrent with the July 11 release of iPhone 2.0.

Apple does not respond to requests for comment on its software security policies.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security

Tags:

security,

iPhone,

Apple,

Charles Miller,

Safari,

CanSecWest

Share:
Digg
Del.icio.us
Reddit
Recent posts from Defense in Depth
Window Snyder to leave Mozilla
How to handle ID fraud's youngest victims
Is white listing going mainstream?
How Live OneCare changed the antivirus landscape
Express Scripts clients threatened with extortion
Study: DDoS attacks threaten ISP infrastructure
Security expert talks Russian gangs, botnets
Extortion used in Express Scripts database breach
Related
Firefox, Adobe top buggiest-software list
What's next for social gaming on the iPhone?
Analyst: Verizon is the iPhone's next big feature
Microsoft needs to go big with Windows Mobile
The five most welcome digital audio products of 2009
EyeTV 3.3 conquers 3G iPhone video streaming
The iPhone moves from the quad to the classroom
Tablet hint? Apple developers supersizing apps for January event
Add a Comment (Log in or register)
by ayoung45 July 3, 2008 3:30 PM PDT
Anyone think a firefox 3 mini browser will be available for the iphone?? That would be cool. And hopefully, it would also be secure.
Reply to this comment
by jackisgoodguy August 2, 2008 1:11 AM PDT
I'd like to know when new update for iphone would appear
My name is Jack, my web site is http://mysitehere.atspace.com/
Reply to this comment
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET