Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web
pages even when they're protected by the SSL, or secure sockets layer, protocol,
a security researcher said.
The fault lies in a feature that makes it easy to configure large numbers of
iPhones so they meet an organization's IT policies, said Charlie Miller, a
researcher at Independent Security Evaluators. Not only does the provisioning
feature work over the internet, it can be tricked into accepting malicious
configuration files.
