Earlier this week, a third party package named "iPhone firmware 1.1.3 prep" became available via Installer.app. ModMyiPhone.com was first to identify it as malicious, and F-Secure later confirmed the low-risk threat.
The trojan installation package contains false application installation information that causes legitimate third party applications to be removed if the trojan is uninstalled from the iPhone.
The package was quickly removed from distribution after identification of malicious characteristics. Additionally, F-Secure states that the author was an "11-year-old kid playing with XML files." F-Secure warns that a more experienced coder could have done more damage.
Security will be one of the top concerns of Apple's upcoming SDK, as Steve Jobs had alluded to Nokia's system of digitally signing applications.
Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than "totally open," we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhones amazing software platform while at the same time protecting users from malicious programs.
