Maybe you all have read about the authentication bug found by Bernd Marienfeldt in May 2010. I tested this against my 3G after doing the upgrade to iOS 4. It worked directly using libimobiledevice under my BackTrack installation (I don’t have plain Ubuntu here). Now I thought that the device was still vulnerable because I had only done an upgrade and not a full recovery. So I did the full recovery and tested my iPwn against this vuln. Guess what, it’s still vulnerable!
I get asked by my customers every now and then why I do not recommend the iPhone in an enterprise environment. My default answer is: “Because it is vulnerable as hell and iPhone is the source of all evil!” They usually ask for a demo or an exploit, and all I can tell them is that all exploits will be kept private because they might have the potential to be used for an unlock or jailbreak. Now this is something worth a short demo at the customer site… harhar