Researchers at Independent Security Evaluators have used the vulnerability to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, researchers have full administrative access over the phone allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more — we’re talking full access to your phone.
Researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn’t very reassuring) and “may or may not be exploitable” from Mac and PC versions of Safari — the same vulnerability exists only they haven’t written the proof-of-concept exploit to test it yet.
Apple has been notified of the vulnerability and a proposed fix with full public disclosure coming at the BlackHat conference on August 2nd. You listening InfoSec Sellout? That’s how you report a bug. Check the exploit in video form after the break.