iPhone's SMS Database Can Be Hijacked in 20 Seconds

As part of the Pwn2Own 2010 hacking contest, Vincenzo Iozzo and Ralf Philipp Weinmann created an exploit which allows them to hijack fully-patched iPhones' SMS databases-right down to deleted messages-simply by luring users to a "rigged" website.

Aside from hijacking entire SMS databases in about 20 seconds, the exploit could potentially also be used to "exfiltrated the phone contact list, photographs and iTunes music files." All that by simply having a user visit a specific website and without ever needing to leave the iPhone sandbox.

The story is too old to be commented.