The problem, according to Charlie Miller, principal security analyst for Independent Security Evaluators, is that every program on the iPhone runs with root privileges, meaning full access to everything on the phone. A vulnerability in the Safari browser discovered earlier this year by Miller and his colleagues has already been addressed by Apple, but the root permission problem, also criticized in the paper detailing the Safari vulnerability, remains.
Apple has announced plans to release a public SDK so anyone can develop iPhone applications. As part of the announcement, CEO Steve Jobs said there were security issues being addressed in conjunction with the release. Hopefully that means OS updates that resolve this vulnerability. Access to data on an iPhone or its connection to a mobile phone/SMS/data network could be much more than an annoyance for iPhone users and mobile providers alike.
Source: Wired
Written by: Rich Fiscus @ 23 Oct 2007 12:57