Researchers at Independent Security Evaluators have identified a vulnerability in the iPhone Safari browser that could be used to give someone full access to an iPhone. Fortunately, the exploit is not out in the wild and there have been no reports of users being affected by such an attack.
The exploit is delivered via a malicious web page and runs a piece of code with administrative privileges. In their proof of concept, the researchers showed how the code could read the log of SMS messages, the address book, the call history, and the voicemail data and transmit this data back to them.
Independent Security Evaluators has already notified Apple of its findings and proposed a fix. In the meantime, the researchers suggest that you visit only sites you trust, use only Wi-Fi networks you trust, and don’t open web links from emails.
More information about the exploit will be revealed during the Black Hat conference on August 2.
Apple is investigating the findings and, if and when it develops a patch, will be able to push it out via the iTunes firmware update mechanism.