On Friday, Apple released iPhone OS 3.0.1 for iPhone devices. The release was apparently put out in response to a vulnerability pointed out during the Black Hat Security Conference. To install the “patch” for this vulnerability, iPhone owners must download an entirely new version of the iPhone operating system (230 megabytes) rather than just being able to install a smaller patch.
However, there are rumors floating around the Web that the patch only fixes one of two separate vulnerabilities exposed at the Black Hat conference. The first vulnerability, known as the Miller hack, is apparently what the new OS patches. However, another vulnerability, referred to as the Miras/Lackey hack is still open and can potentially effect any phone on a GSM carrier (not just the iPhone). About the Miras/Lackey hack, @musclenerd says “3.0.1 doesn’t begin to fix them.”
It will be interesting to see if any patches or fixes come out to close the hole exposed by Miras and Lackey, how long it takes to do so, and from where the patches will come (will the phone companies themselves release them, or will they come from the manufacturers).