iPhone Left Wide Open Through Safari

The widely popular Apple iPhone is facing a critical security threat courtesy of a vulnerability in the device's Safari web browser. Discovered by Independent Security Evaluators, the flaw in the browser can provide an attacker with full control over your iPhone by installing malicious code via one of three distinct methods.

The first delivery method for this exploit involves wireless access points. If a user finds themselves in range of an attacker-controlled access point bearing a similar name and encryption type as one that was previously trusted, their iPhone will automatically connect to said point in certain cases. Once connected, the attacker can replace web pages viewed through Safari with a page containing the exploit itself. The second delivery method involves an attacker causing the exploit to run from potentially dangerous data contained in a forum post. The third and simplest method involves tricking the user into visiting a maliciously crafted page via a link in an email or SMS message.

Once successfully run this exploit essentially gives an attacker carte blanche to your device, allowing them to do just about anything that your iPhone can do. This includes reading message logs, sending passwords to the attacker, and even recording and transmitting your audio conversations.

ISE has informed Apple of this issue and has even gone as far as proposing a fix. Until a patch addresses the vulnerability, it is recommended that you stay away from unfamiliar web sites and avoid clicking on any web link contained in email or SMS messages. Finally and most importantly, don't connect to WiFi networks that you do not fully trust.