Topic Summary

Posted by: Amker
« on: 24. July 2007., 23:25:52 »

A major flaw in the Apple iPhone's browser opens the device to attack through a malicious wireless access point or Web server, the security firm that discovered the vulnerability announced on Monday.

Because of some poor security choices in the phone's design, an attacker could install code to steal any and all data on the iPhone by exploiting a flaw in Apple's MobileSafari browser, the company, Independent Security Evaluators, said in a general analysis of the issue. An attack could use a link sent through e-mail or by an SMS (short message service) text message, or use an attacker-controlled wireless access point to execute a man-in-the-middle to redirect the iPhone's browser to the malicious code.

"We only retrieved some of the personal data but could just as easily have retrieved any information off the device," the company's analysis stated.

The exploit developed by Independent Security Evaluators takes advantage of a number of security weaknesses in the iPhone, the company stated. The worst issue is that all the device processes run with full administrator privileges. Moreover, the phone does not use address layout randomization and non-executable heaps to make exploitation more difficult, the firm's analysis said.

Released at the end of June, the Apple iPhone immediately came under scrutiny by security researchers and consumer electronics hackers. Within days, noted Apple and DVD hacker Jon Lech Johansen found a way to turn on certain functions of the phone without going through the activation process. Other hackers discovered ways to make the file system accessible to non-Apple programmers.

Miller and Independent Security Evaluators plan to reveal the full details of the attack at the Black Hat Security Briefings in Las Vegas on August 2.
SecurityFocus