Microsoft confirmed the existence of a Windows Phone messaging flaw on Tuesday.
WinRumors exclusively revealed on Monday that Windows Phone 7.5 suffers from a flaw that could allow potential attackers to send a malicious SMS to devices. The SMS would reboot the device and render the messaging hub functionality of Windows Phone useless. We tested the flaw on a range of Windows Phone devices, including HTC’s TITAN and Samsung’s Focus Flash. Some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720. The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages. The bug is also triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient.
Microsoft revealed on Tuesday that the company is investigating the flaw. Greg Sulivan, Senior product manager for the Windows Phone division at Microsoft, issued a statement to The Verge on Tuesday. “We are aware of the issue and our engineering teams are examining it now,” said Sulivan. “Once we have more details, we will take appropriate action to help ensure customers are protected.”
Details of the exact exploit have not been made public. Microsoft has the ability to issue over-the-air (OTA) updates to Windows Phone. The software giant has not used this to patch any issues yet, opting instead to release patches via the Zune application.