A team of security experts working for Independent Security Evaluators have discovered a serious security vulnerability in Apple's iPhone. The vulnerability would allow a hacker to take control of the iPhone over a WiFi connection or by tricking users to visit a booby trapped website.
Basic details of the vulnerability can be found on www.exploitingiphone.com.
OK. Cool. Wow. Stop the presses.
Seriously, did anyone really think that the iPhone WOULDN'T have a serious security vulnerability? Is there anyone out there (short of those full-on Mac fanboys) that think that the iPhone code doesn't contain LOTS of exploits waiting to be uncovered? The only thing that surprises me about this discovery is how long it took - and that said, we don't know if black hat researchers haven't already discovered some exploits of their own.
There's an interesting quote in the New York Times article by Aviel D. Rubin, founder of Independent Security Evaluators:
“Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows,” he said. “The other 5 percent have enjoyed a honeymoon that will eventually come to an end.”
No matter how much Mac users want to kick and scream about it, hackers are turning their eyes towards Mac OS, and this is going to lead to Mac users having to face more security threats that they currently do. The idea that a codebase as big as Mac OS is free of exploitable bugs is just plain crazy.
Even if we had a 100% secure platform (yeah right, in your dreams) the final word on security is with the person sitting in front of the keyboard. As the Mac OS X user base grows, so does the proportion of ID10T/PEBKAC users who will click on everything and anything to download and install all kinds of crap on their systems. It's this kind of user that hackers will aim for first.