First iPhone Bug Reported
Yup. After waiting a day to get the darn thing activated, we found a bug within a few minutes. We are cheating, of course, it's just the same bug we found earlier on Safari. Also, our Bluetooth fuzzer locks up the device, so that's an interesting sign. (As we've said in the past, we'll disclose all our bugs to Apple when they publish acceptable vuln handling guidelines).
The thing that interests us most, though, is that we think the iPhone is inherently more secure than competing smartphones (such as those based on Windows Mobile or Symbian). While Apple is slightly behind Windows on the desktop/server (that Samba bug still appears to be unfixed), it's still light years ahead of the mobile vendors. The mobile market is completely screwed up right now: while carriers know about the widespread vulnerabilities in their phones, the carriers are unwilling to patch them.
Apple is taking a chance. Rather than allowing carriers like at&t/Cingular to control the mobile experience, Apple is controlling the experience through iTunes. Financial analysts on Wall Street are waiting to see whether this strategy will work. Security is an are that can prove Apple right if they respond to security threats better than the carriers.
<< more at link >>