23 July 2007
A buffer overflow flaw — a very common programming bug that can have serious security consequences — has been found in the iPhone by Charlie Miller, Jake Honoroff, and Joshua Mason of Independent Security Evaluators (Avi Rubin's company). Yes, it's a security problem; yes, Apple needs to fix it ASAP. A technical description of the problem is here.
It's not the end of the world, though. (More details on my opinion are in the New York Times article.) The I.S.E. FAQ says it best:
"Should I turn my iPhone off and lock it in a drawer until Apple fixes this? Not unless you plan to do the same to all the other computers you own. The iPhone is an internet connected device running a relatively full featured software suite: this research shows that it is vulnerable just like many other similarly capable devices, both PCs and embedded systems."
In other words, exercise caution, not paranoia.