Charlie Miller, Jake Honoroff, and Joshua Mason, members of the software security team at Independent Security Evaluators, discovered a vulnerability within two weeks of part-time work and “developed a toolchain for working with the iPhone’s architecture (which also includes some tools from the #iphone-dev community), and created a proof-of-concept exploit capable of delivering files from the user’s iPhone to a remote attacker. The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone.” The attack could be delivered through an attacker-controlled wireless access point, a misconfigured forum website, or a link delivered via e-mail or SMS.
The professionals suggest three practices to diminish the iPhone’s vulnerability:
- Only visit sites you trust.
- Only use WiFi networks you trust.
- Don’t open web links from emails.
A preliminary technical paper called Security Evaluation of Apple iPhone is available.