According to a report at The Register Apple is failing to keep iPhone software up to date with security patches. This despite the iPhone 1.1.4 software being nothing more than a "pared-down version of Mac OS 10.5" it says.
The Jesus Phone is said to be vulnerable to a number of exploits which have been patched pretty damn quickly in desktop software. The article refers specifically to the Apple WebKit vulnerability which uses a bug that was present in some versions of Safari to allow data theft from the iPhone. Miller successfully demonstrated this in March during the CanSec West security conference.
Successfully enough to win $10,000 in the Pwn to Own competition there at any rate.
Miller has a tool to exploit the vulnerability on the iPhone which, after having clicked on a malicious link of course, the user of the handset could find outgoing calls being made by he attacker as well as data being compromised.
Other security researchers are warning of more to come, including one uncovered by Aviv Raff which can allow phishing attacks using the iPhone. Raff is not publishing details as he waits for an Apple patch to emerge.
