3 rules to protect your iPhone from a serious Safari security problem

Charlie Miller, Jake Honoroff, and Joshua Mason, members of the software security team at Independent Security Evaluators had discovered a vulnerability within two weeks of part time work and “developed a toolchain for working with the iPhone’s architecture (which also includes some tools from the #iphone-dev community), and created a proof-of-concept exploit capable of delivering files from the user’s iPhone to a remote attacker. The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone.” Delivery vectors of the attack could be: an attacker controlled wireless access point, a misconfigured forum website, a link delivered via e-mail or SMS.

The professionals suggest 3 practices to diminish the iPhone’s vulnerability:

  • Only visit sites you trust.
  • Only use WiFi networks you trust.
  • Don’t open web links from emails.

A preliminary technical paper called Security Evaluation of Apple iPhone is available.