Too bad I wasn’t there right at the close of the presentation yesterday, but these days I can afford not to ride a plane 13 hours to Washington D.C. At work we performed some in-house reviews of iphone security about two years ago, accepting some risks over functionality. However, three different channels of information through personal contacts, web browsing, and work relationships have raised a flag about this research being performed on iphone security. The findings revealed in the papers dispute two tenets of iphone security that have been repeated throughout the past couple years:

1) sandboxing applications so that applications cannot see and adjacent application’s data
2) kernel, system files, and system resources are shielded from user’s application space

First reaction is, ‘Hmmmmmm….. if this researcher is right, then we have a bigger problem.’ The problem gets bigger since we know that exploits are already out there, or are being developed, by the time a researcher announces. Also, the problem gets even bigger because there is a proof-of-concept to backup the research available at git.
For more information on the attacks, there are papers and presentations available on the site here for the paper, and here for the slides.
Enjoy! Please comment.