In following up with yesterday’s story, I saw that AppleInsider had gotten wind of a BBC report that the iPhone SMS exploit should be patched by this weekend via an iTunes update.
For tech-heads that want more detail about how this exploit actually worked, the AppleInsider article detailed it:
The exploit takes advantage of the fact that SMS can send binary code to a phone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone. The exploit supposedly exposes the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running.
The technique involves sending only one unusual text character or else a series of “invisible” messages that confuse the phone and open the door to attack. Because users won’t know whose messages to block in advance, there’s little iPhone owners can do but to shut off the phone immediately if they suspect they’re at risk — a real problem as the trick could also be used to make an iPhone send more messages of its own.
Hopefully this will indeed put any fears of possible hijacking by SMS to rest. Again, I will continue to update if I see any more news.