Security researchers Vincenzo Iozzo from Zynamics and Ralf-Philipp Weinmann from the University of Luxembourg have demonstrated a new security risk on the Apple iPhone at the Pwn2Own challenge in Canada. It's a dramatic change from last year's competition, when the iPhone wasn't compromised by any researchers.
The attack – which used a technique known as 'return-into-libc' or 'return-oriented programming' – allowed the researchers to steal the SMS database from an iPhone when the user visited a malicious website. Accessing other databases on the phone would also have been possible.
Pwn2Own, part of the Zero Day Initiative, rewards security researchers for acting responsibly. This means full details of the issue won't be made public until Apple has patched the vulnerability.