Although the Apple iPhone is more resistant to security threats than many other mobile phones – largely because Apple maintains a fair amount of control over the applications that can be installed and the changes that can be made – it's not impervious to problems.
A new security flaw has recently been published on the Cryptopath blog and is explained in simpler terms on MobileCrunch.com.
In a nutshell, it's possible to create a file that appears to be 'verified' and from 'Apple'. This could be sent via email or downloaded from a web site. When opened, it could change or disable web and email settings – and removing the file could require the phone to be completely reset.
It's a useful reminder not to install anything you don't trust… or anything you weren't expecting.