Friday, 21 November 2008

Apple iPhone Security Updates

I got this Apple Security Advisory alert email a few minutes ago and along with about 50,000 other security patches for the iPhone/Touch the following amused me very much:


“Passcode Lock

CVE-ID: CVE-2008-4228

Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

Impact: Emergency calls are not restricted to emergency numbers

Description: iPhone provides the ability to make an emergency call when locked. Currently, an emergency call may be placed to any number. A person with physical access to an iPhone may take advantage of this feature to place arbitrary calls which are charged to the iPhone owner. This update addresses the issue by restricting emergency calls to a limited set of phone numbers.”


So basically, what crApple are saying, is that if you haven’t got the update, anyone who nicks a locked iPhone can make calls to any number they want.

How amusing…

No comments: