iPhone security

Ever worry that someone is trying to spoof the origin of text messages on your iPhone? Well according to developer pod2g you should. Although the security flaw he cites is not capable of executing malicious code, it can be exploited to fake the origin of an SMS to an unsuspecting iPhone user.

Pod2g is hoping Apple fixes the problem before the final release of iOS 6. If iOS dealt with incoming text message information properly, the message would display the reply-to (spoofed) phone number as well as the actual originating phone number. As currently configured, iOS only shows the reply-to number.

Apple has started to prompt iOS users to enter security questions in an effort to increase security for Apple ID accounts. The dialog box that pops up on the home screen may look suspicious, but the process is legit. The box reads "Security Info Required" and explains that a password confirmation is necessary.

If you see the pop up, don't be alarmed, simply tap the Security Info button to make sure that Apple doesn't bother you again. This will forward you over to a Security Info screen, where you'll need to enter three separate security questions with answers.

Both Facebook and Dropbox raised eyebrows this week when a security flaw was discovered that could reveal iOS users' personal data. The good news is that both companies are working on a patch to correct the security hole. In addition, the threat of your information actually being stolen is low.

The flaw enables access to personal data only if the malicious person going after your data has physical access to your iPhone or iPad. When it comes to Facebook, the issue revolves around use of a plain text file known as a .plist to store sensitive login information. Copying the file to another iOS device enables access to the victim's account using the Facebook app.

Reports of iMessages being received on the wrong iPhone have resurfaced, this time with Gizmodo posting a slew of information not intended for their eyes. Apparently an Apple employee briefly inserted his personal SIM card into a customer's iPhone, and ever since his iMessages are being delivered to her device.

This is after the customer's iPhone was reset and her personal infomation including her AppleID was reentered on the handset. Similar reports of the problem have cropped up intermittently in the past, with Ars Technica weighing in on the issue. Support forum threads regarding the problem have sprung up at Apple and elsewhere as well.

Apple has released iOS 4.3.5 to patch another security hole. The last update released only a few weeks ago patched the PDF exploit used by hackers to release the latest jailbreaking tool. This update is to stop "an attacker with a privileged network position" from stealing your data while you're surfing the web. If your iPhone or iPad is jailbreak free, or you don't plan on jailbreaking it in the future, accepting the update is probably a good idea. However, the current redsn0w 0.9.8 jailbreak hack still works with the update.

Just connect your device to your computer and "check for updates" to download iOS 4.3.5 for your iPad, iPod touch (3rd generation), iPhone 4, iPod touch (4th generation), iPhone 3GS. The Verizon update is labeled 4.2.10.