Creepy spoofing bug now patched thanks to the work of a jailbreaker

Sep 20, 2012 14:53 GMT  ·  By

One notable takeaway from Apple’s iOS 6 security bulletin is that Pod2g’s SMS spoofing flaw is now fixed. The Cupertino giant has included an insane number of security patches in its latest iOS update, hackers note.

Confirmed by fellow jailbreaker Joshua Hill (@p0sixninja), the SMS bug originally discovered and documented by hacker Cyril (@Pod2g) is now patched in iOS 6.

According to Apple’s advisory, earlier versions of iOS could make an SMS message appear to have been sent by an arbitrary user, leading to a potential spoofing attack.

“Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed,” reads the advisory. Apple closed the hole “by always displaying the originating address instead of the return address.”

This is actually not the only SMS bug Apple patched in iOS 6. Another one, also discovered by Pod2g, could disrupt cellular connectivity. Apple’s engineers fixed it through improved bounds checking.

The iPhone makers didn't forget to credit the hacker while they were at it (screenshot above).