The Guardian - UK
Technology
Jack Schofield

Researchers attack iPhone's security model

Wired has just run an item comparing the iPhone's security model with Windows 95 (No, That's Not Good).

The problem was unearthed back in June by Independent Security Evaluators, who published a paper about it (PDF). The main complaint is, as Wired says, that "every application on the device -- from the calculator on up -- runs as 'root,' ie, with full system privileges. As a result, a serious vulnerability in any of these applications would allow hackers to gain complete control of the device." Wired adds:

Last week, H.D. Moore, a security researcher who developed the Metasploit Framework security and hacking tool, posted information on his blog about a vulnerability in the iPhone's tiff library that is used by the phone's e-mail, browser and music software. He also supplied detailed instructions on how to write code to exploit the bug and provided an exploit to gain remote control of an iPhone.


According to Wired, ISE's Charlie "Miller says Apple will need to redesign the entire firmware to fix the problem -- which would require owners to install a pretty hefty update."

Incidentally, Wired's account somewhat glosses over the details of Windows security models. Fact is that Windows 95 didn't have one, and it didn't have file-level permissions: the best you could do was control security via an NT server, and hope users weren't smart enough to boot from a floppy. That wasn't a matter of design, it was inherited from DOS. However, right from the start (1993), Windows NT did have a proper security model, which was much the same as the one in the DEC VAX/VMS minicomputer. (Not coincidentally, Dave Cutler was responsible for both operating systems.) The problem was getting companies with a history of writing DOS/Windows software to do a proper job of writing NT/XP software, ie not requiring root/admin access. Sadly, that proved to be beyond many of them. One of the things Vista adds is that it makes everybody run at user level, even if they are logged on as an administrator.
