Days after the SMS vulnerability was reported, in which a single character could be used to crash or even take over an iPhone, Apple (s aapl) has released a single-purpose update.
The Knowledgebase Article makes it sound as potentially bad as it is.
Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.
All iPhones were vulnerable to attack, regardless of OS version. The only defense from having your personality rewritten or being possessed by a ghost was to shut the phone off, which was hardly practicable. While it’s always nice to see Apple give credit to the those who discover an exploit, it’s unfortunate it took the researchers going public to get the company to move on this issue.