This is a very very serious bug for iPhone that iPhone users must be wary of. Two European researchers have successfully hacked a fully patched iPhone and exfiltrated the device’s entire SMS database in 20 seconds.
According to ZDNet, Vincenzo Iozzo and Ralf Philipp Weinmann exploited a previously unknown vulnerability and had the target iPhone visit a website containing malicious code. Both of them found the vulnerability and wrote the exploit. Once they put everything in place, the hack took just 20 seconds.
When the iPhone is hacked, any site that a user visits on their rigged site will grab the SMS database and upload it to a server they control. It gets worse than that. The exploit can even retrieve the user’s contact list, photographs and iTunes files.
ZDNet cites Weinmann as saying that there is a non-root user called mobile with certain user privileges in the iPhone Sandbox. With the exploit, the hacker can do anything that the user mobile can do. It is a scary scary bug that iPhone users have to be aware of. Imagine your contact list, photographs and all can be retrieved by hackers.
If your iPhone contains private scandalous photos, you may be in big trouble.
I still use Chrome for my web tasks but it seems likely that I would have to be forced to use Firefox to even create a new post in my WordPress blogs. And no, I ain’t going to use Safari. 😛