I hope it does require user interaction

Not likely. Consider what two parts do: GPS location, turn microphone on. Law Enforcement snooping, anyone?

I hope it does require user interaction, but, if it was a some type of protocol exploit in Safari you would think Miller would have framed it as such, or at least indicated it was exploitable through Safari, rather than single out SMS. Or maybe it was a sensationalist hook – we will find out soon enough. Or better yet, we won’t until after it has been patched

After all, the message is simply TEXT, its DATA, and a good operating system never EXECUTES data.

To do so would be a monumental blunder, and I just don’t think Apple programmers are that stupid.

So my bet is that the SMS has to launch something else (probably Safari) by a physical action of the user, like when you get a URL in a SMS and you launch it.

This seems far more likely to be a bug in Safari, and sms is simply a way to get lots of people to click a link.

That being said, I agree with @Dev re:

“Apple’s only known motivational button”.

All too often, the only way you can get Apple to do the right thing is embarrass them in the mainstream press.

If I were wearing my TinFoil hat, AND if we were talking about Microsoft, I would speculate on a back door access method based on specific SMS message structure having been intentionally built into the software.

But my tinfoil hat is at the cleaners, and Apple “would never be evil”…. http://mooseyard.com/Jens/?p=163

This vulnerability — a process that runs at root (!) executing arbitrary code in response to an unsolicited message from the outside — is far too severe to pretend Miller is the only one who noticed, and wait until Apple gets around to patching it.

Apple has demonstrated time and time again their willingness to use NDAs and gag orders to stifle everything from software discussion to contract issues, rather than fix the issue at hand promptly. If anything, Miller has done our community the best possible favor — by announcing it publicly, he pushes Apple’s only known motivational button to fix the issue promptly, and by not announcing implementation details, he does not give script kiddies a head start. Kudos to Miller.

Apple — the ball is in your court. You have a severe vulnerability in your most popular platform. Prove that this time you will not plug your ears and blame others. Fix your problem. Now.

Now, Miller hasn’t fully published this exploit. He HAS informed Apple of it. He is supposed to fully publish it at the upcoming Black Hat/DEF CON conference.

Apple has plenty of time to push a fix out. And since Miller isn’t necessarily the world’s foremost code-explorer you can probably safely bet that there are others who have independently discovered this vulnerability.

So, do you want Apple to take their sweet time or would you prefer that the “black hats” put a fire under Apple so we all get patched sooner rather than later?