The popularity of the iPhone ensures that it’s going to be a target of unwelcome attentions, so the announcement that AM that a team of protection researchers had allegedly discovered a vulnerability should not be shocking.

Independent safety measure Evaluators, the firm that did the study, claim to have found the gap in the iPhone’s version of Safari. It would allow for the execution of arbitrary cipher, run with administrative privileges. Such cipher can in theory do anything the iPhone can do, including sending text messages, stealing e mail passwords, or recording audio. The demo that ISE has concocted reads the SMS text log, the address book, the shout history, and the voicemail details.

While that exploit should not be taken lightly, it’s fundamental to note that it’s not in the wild: ISE has released a preliminary paper, with a full paper and presentation to be given at the BlackHat conference on August 2nd. They’ve notified Apple of the exploit along with a proposed fix. plus fundamental to note is the potential attack vectors: since the vulnerability is in Safari, the user needs to go on a link or otherwise be directed to a malicious website, so it’s fundamental to practice safe computing.

Original post by Dan Moren