First MMS exploit for phones has been released

On late Friday the 29th of December, Collin Mulliner published proof of concept exploits of MMS vulnerabilities that he discovered six months ago.

...The proof-of-concept exploits target vulnerabilities in the SMIL presentation control language in MMS messages. Region tags in MMS SMIL are vulnerable to buffer overflow causing arbitrary code execution. In other words, if those tags get too large in content it makes it to possible for a malicious MMS message to execute code on the target device.

It is still unknown which phones are vulnerable to this exploit. F-Secure : News from the Lab

Linked by shanmuga Monday, 1st January 2007 9:45PM