A major flaw in the Apple iPhone’s browser opens the device to attack
through a malicious wireless access point or Web server, the security
firm that discovered the vulnerability announced on Monday.

Because of some poor security choices in the phone’s design, an
attacker could install code to steal any and all data on the iPhone by
exploiting a flaw in Apple’s MobileSafari browser, the company,
Independent Security Evaluators, said in a general analysis of the issue.
An attack could use a link sent through e-mail or by an SMS (short
message service) text message, or use an attacker-controlled wireless
access point to execute a man-in-the-middle to redirect the iPhone’s
browser to the malicious code.