iPhone remote attack vulnerability found?
Threat post have an article detailing possibility of a remote attack against iPhones with a proper security validation under the name of "Apple Computer". Threat explains:
There are several flaws in the way that the iPhone handles digital certificates which could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The attack is the end result of a number of different problems with the way that the iPhone handles over-the-air provisioning, trusted root certificates and configuration files. But the result of the attack is that a remote hacker may be able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chose and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from the iPhone.Strange though - in the same article, an independent security researcher, Charlie Miller, is quoted as saying the vulnerability will NOT remotely execute anything. The problem stems from the iPhone's trusting of certain signature certificates. This is probably another contentious issue, and thankfully this is more a proof-of-concept than a real threat, but it is proof, however, that there is danger. As the certificate comes from "Apple Computer" (when in fact it isn't), it could pose major 'social engineering' problems for users as a user-accepted attack.