A serious bug which allowed senders to spoof SMS messages on iOS, causing them to appear as if they were sent from a different number, has reportedly been fixed in iOS 6, released to consumers yesterday. The news comes via a tweet from jailbreaker Joshua Hill (a.k.a. p0sixninja), who also noted that the latest version of the mobile operating system includes an "insane number of security fixes."
The spoofing problem was first brought to light in mid-August by security researcher pod2g, who noted that the issue was still present in the beta 4 version of iOS 6. It works by exploiting a part of the SMS specification known as the Reply To field, which goes unused in most implementations, but is displayed in iOS. As pod2g pointed out, "most carriers don't check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else."