Apple Fixes SMS Spoofing Vulnerability in iOS 6
Less than a month after pod2g discovered an SMS spoofing flaw
within iOS, Apple has went ahead and patched the vulnerability. According to p0sixninja, Apple’s latest version of their mobile platform, iOS 6, has a number of security fixes with the SMS spoofing bug being one of them.
The bug was related to how previous iterations of iOS handled incoming SMS messages with the system supporting certain optional features in the SMS specification’s User Data Header, including a “reply to” address. Malicious users were able to send spoofed SMS messages to an iPhone owner by using any chosen reply number because not all phones support the advanced feature. Most carriers tend to neglect to check the specific part of the message, meaning the vulnerability was seemingly limited to iPhone users.