This post has already been read 4001 times!
There is a lot of buzz regarding this article that was printed in the NYT this morning. ISE (Independent Security Evaluators) found that not only does every process run as root on the iPhone, the heap is executable. So they fuzzed mobileSafari till they found an overflow, which allowed them to execute any API call on the iPhone. More details are in their white-paper at their site (and direct link is below). They notified Apple back on the 17th of July.
THere white paper discussing their discover techniques and findings is here.
I suppose we’ll be getting our first iPhone update fairly soon now.