This was reported earlier in the month. Most blogs' source reference is this Yahoo Tech article, that claims:
"Apple is working to fix an iPhone vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the phone."
No details on if Apple dropped the ball or if they were actually working on it in the first place.
My best guess to the vulnerability is the iPhones new MMS capability. They probably had to punch some holes in the sandbox to get MMS media saved on to the phone.
Seems like a reasonable guess, but I still don't see where the widespread capability for hijacking the phone would come from. For that there would seem to be a requirement to launch and concurrently run an application permanently...and, unless I'm missing something, such an approach is inherently quite difficult and (intentionally) limited on the current iPhone OS.
The phone is perfectly capable of running background processes -- it really is just Darwin running on a small ARM device.
The default sandbox does not permit calls to fork/exec, but there's no guarantee that the SMS application runs in that sandbox, or that an attacker can't find a way to escape the sandbox.
"Apple is working to fix an iPhone vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the phone."
http://tech.yahoo.com/news/pcworld/20090702/tc_pcworld/apple...
No details on if Apple dropped the ball or if they were actually working on it in the first place.
My best guess to the vulnerability is the iPhones new MMS capability. They probably had to punch some holes in the sandbox to get MMS media saved on to the phone.