Skip to main content

TreasonSMS Bug Allows Hackers to Execute Malicious Code on iPhones

posted onApril 24, 2012
by l33tdawg

Researchers from the Vulnerability Lab have found high severity HTML Inject and File Include security holes in TreasonSMS, an iPhone application that allows users to send text messages from their desktop computers by turning the phone into a SMS webserver.

According to the experts, the vulnerabilities can be exploited remotely, allowing an attacker to “include malicious persistent script codes on the application-side of the iPhone.”

The security hole can also be leveraged to inject webshell scripts that would give cybercriminals complete control of the affected application directory. “The Bug is located in the input fields of the Message Sending & Message Output. An attacker can scan the victim on walkthrough because the IP of the webserver makes the TreasonSMS available to anybody without password,” Benjamin Kunz Mejri, the founder and CEO of Vulnerability Lab, explained.

Source

Tags

Security Apple SMS

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th