Researcher faults Apple iPhone on security updates
A leading Mac OS X researcher says Apple has not kept the iPhone operating system up to date with patches it has issued for the desktop.
The iPhone runs a stripped-down version of Mac OS 10.5 and automatically checks for security updates. The last update for the phone, 1.1.4, was issued in February.
That means iPhone users are still vulnerable to a flaw discovered by Charlie Miller in March.
During the CanSecWest conference, Miller found and used a buffer overflow in Safari in the Apple WebKit to win a $10,000 "Pwn to Own" contest. Apple patched Miller's Safari vulnerability for the desktop in April, but so far has not issued a similar patch for the iPhone.
Miller told the Washington Post recently he has an exploit of the flaw that will work on the iPhone.
Meanwhile, ZDNet's Ryan Naraine points out that there's another upcoming iPhone exploit expected soon from Aviv Raff.
Speculation within the security community is that Apple is currently focused on the 3G version of the iPhone. Upgrades to current iPhones may be pushed out in advance or concurrent with the July 11 release of iPhone 2.0.
Apple does not respond to requests for comment on its software security policies.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
My name is Jack, my web site is http://mysitehere.atspace.com/