Last Updated Oct 18, 2007 5:30 PM EDT
Andrew Storms, director of security operations for nCircle, explained the situation in an email:
If weaponized, Storms explained, the assault will present itself as a drive-by attack in which sites host seemingly innocuous images and other media that actually perform dangerous actions when rendered in a Web browser on the iPhone. According to Moore, the root process issue creates a threat to security, rendering the iPhone the perfect spying device. With this information, Apple may be able to make the iPhone far more secure so enterprises can trust it with private data.
And, Storms said, the TIFF vulnerability and Safari bugs are "just problems which lie at the surface of the iPhone." Storms pointed out that in a BlackHat 2007 talk, Chris Miller at Independent Security Evaluators disclosed that all processes on the iPhone run privileged as root. "This architectural discovery in the iPhone means that any compromise of the device results in providing the attacker with privileged access."
(iPhone Hacker image by Jordan Roher)