I think that's a bit naive, Erica; essentially every iPhone web app is "iffy"...as pretty much all of them aren't coming from "names you know" now are they? :)
In fact, the whole thing is quite an embarrassment to Apple, who did a lot of jumping up and down in the process of shunning Apple's *Kit and *Foundation-class developers because they didn't want some errant app threatening the "stability and security of the phone" or "taking down ATT's West Coast network." Instead, we have an exploit that without warning can essentially dump a bunch of personal info from your phone to who knows where or who or worse...simply by visiting the site to check it out? Are you recommending on TUAW that no one checks out any new announced web apps until Apple gets this thing patched, Erica? What if someone puts up say, a neat iPhone game that is in "beta" and seems to crash MobileSafari...when in fact its running this exploit or one like it? Its very silly and irresponsible to dismiss an obvious horrific flaw like this, especially considering that web apps are the chosen "app platform" for OSX, in an environment where someone could set up a website and hide their identity behind a couple of proxy services simply because you choose to believe Apple Marketing :) -Chuck On Jul 23, 2007, at 12:42 AM, Erica Sadun wrote: > >> Looks like some one has made an iPhone exploit that allows a >> malicious >> program to be run on the iPhone. It sucks that they use it as a >> virus, it would be great for running 3rd Party Apps. (if true) >> >> http://www.securityevaluators.com/iphone/ > > Just spent a lot of time looking at this. It breaks down into three > exploits, which are really just standard risks of computing: > > * Unreliable WiFi access. (Solution: only connect to trusted networks > when you're physically at the right place) > * Possible phishing links. (Don't click on email links from people > you don't trust) > * Possible Win/Mac/iPHone Safari vulnerabilities for uploading your > data. (Pretty unlikely, wait for patch, don't visit Websites that are > iffy.) > > -- Erica > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "iPhoneWebDev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/iphonewebdev?hl=en -~----------~----~----~----~------~----~------~--~---
