Not quite a day zero exploit, but close enough...
Errata Security has found at least three security holes in the iPhone. According to Forbes.com, the flaws include:
- a heap overflow bug in Safari,
- a potential denial-of-service vulnerability with Bluetooth, and
- a "data seepage" bug could expose data through "chatty client applications over WiFi".
As if that weren't enough: a post on slashdot says that the root password for the iPhone was cracked in just three days.
Other mobile phones have their own security vulnerabilities, to be sure, but the iPhone's high profile obviously makes it a prime target for potential hackers. But the silver lining in all this is that the iPhone, unlike the other phones, has a built-in mechanism for updating and patching the device's software: iTunes. According to Robert Graham (CEO of Errata Security), since iTunes is an integral part of the iPhone's software, it can be used to download security fixes and updates. Plans have already been announced for an update to be provided to iPhone owners through iTunes on July 5.
