Apple has plugged an SMS flaw that would enable an attacker to take complete control over an iPhone.
Researchers Charlie Miller and Collin Mulliner said at the Black Hat security conference that an attacker could use the SMS exploit to make calls, swipe data and send text messages. The attack was enabled by a memory corruption bug in all iPhone operating systems (see the Black Hat paper).
Apple was notified of the problem six weeks ago, but didn't deliver a patch. That changed on Friday when Apple patched CVE-2009-2204.
A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue.
Update that iPhone OS.