Pwn2Own: fully-patched iPhone hacked, SMSes downloaded via website


Vincenzo Iozzo and Ralf Philipp Weinmann, a couple of European security researchers, just demonstrated a zero-day hack on a fully-patched iPhone as part of Pwn2Own. Once an iPhone user is lured to a malicious web page, their entire SMS database is uploaded onto the server without them realizing it -- including deleted SMSes.

Currently the hack crashes Safari, but they claim that given enough time, they could make it so Safari doesn't even crash. The upload process takes about 20 seconds, and it took them two weeks to develop the exploit itself. Now let's see when Apple releases a patch for Safari.

Opera for iPhone, anyone?

Tags: apple, hacking, iphone, privacy, pwn2own, security