Less than one month after a hacker discovered an SMS spoofing flaw within iOS, Apple has apparently patched the vulnerability in its newly-released iOS 6 mobile operating system.
The bug was related to how previous iterations of iOS handled incoming SMS messages, with the system supporting certain optional features in the SMS specification’s User Data Header, including a “reply to” address. A malicious user was able to send spoofed SMS messages to an iPhone owner using any chosen reply number. Because not all phones support the advanced feature, most carriers neglect to check that part of the message, meaning the the vulnerability was seemingly limited to iPhone users.
With iOS 6, Apple has reportedly patched the flaw, no longer allowing SMS spoofing to trick iPhone users into thinking they are receiving a message from a known party.