Security researchers at Independent Security Evaluators discovered a vulnerability, developed a toolchain for working with the iPhone’s architecture (which also includes some tools from the #iphone-dev community), and created a proof-of-concept exploit capable of delivering files from the user’s iPhone to a remote attacker. The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone.
There are three ways that an attacker can control the browser: a wireless access point under the attacker's control, an improperly configured forum website that includes harmless code in a forum post, and a link delivered via e-mail or SMS.
Video presented by ISE showing the exploit.
The security experts have notified Apple of the vulnerability and proposed a patch. Apple is currently looking into it.
Security practices to follow when using the iPhone, to thwart attackers:
Only use WiFi networks you trust. If attackers have control of your Internet connection, they have the ability to insert exploits into any website you visit.
Don’t open web links from emails. Many current viruses send links to malicious sites in emails that look like they are from trusted contacts.