DVD Jon has devised a way to “activate” the iPhone without AT&T being involved. This would be done to use the iPhone as just an iPod and internet tablet. Best of all you won’t have to sign your life away to AT&T (I happily did to be able to use my iPhone but it is up to you).
The Register points to Errata Security saying that using a buffer overflow on the iPhone’s Safari browser “an attacker can take control of the browser and run code on the device, said Robert Graham, CEO of Errata.”
This attack could allow someone with a bit of skills to force the iPhone to call 900 numbers if the browser visited a malicious website.
Hackers have already found two passwords one of which could allow an application root access to the device.
These vulnerabilities on the software don’t exactly make me feel good about the iPhone that I use however I don’t think that it will be too widely implemented, at least not for a while. There are a lot of iPhones in the wild but not enough to really be able to make money through these vulnerabilities, and I would assume that Apple will fix these holes in the first firmware update. The firmware update from what I can piece together may be as soon as next week.