Some new browser security flaws may be more harmful than previously estimated for iPhones, iPods, and iPads. The exploits take advantage of the way recent jailbreak software use the Safari web browser to download apps not authorized by Apple. An attack utilizing this exploit could give the attacker unrestricted access to the device.
Possible scenarios could include:
- spoofing a wireless access point and redirecting the unexpecting user of the iOS device to a page hosting the malicious code
- use a tool named Metasploit Airpwn to hijack unencrypted Web traffic and pretend to be a different server
- "IMSI-catcher" equipment can be used to pose as a cell tower. The device would be forced into voice only mode and thus switch to WIFI instantly since radio software does not support data