Security researcher Charlie Miller, who has found many flaws and vulnerabilities in Mac OS X in the past, presented a new iPhone bug at the Black Hat Europe security conference. Discussing something he had just found – hence the “possible” in this article’s title – Miller claimed that shellcode can be run on the iPhone. Shellcode is code run from the command line, or, in Mac OS X, the Terminal application, which allows access to the entire filesystem as well as hundreds of different commands. Cited in a Macworld article, Miller said that, if an exploit were developed that got past the initial barriers, “this would allow you to run whatever code you want.”
For now, this is more of a warning than anything else. Mac OS X can run shellcode – in fact, many Trojan horses exploit this ability – but this is an inherent part of the operating system. The real issue is exploits that may be able to launch this code on an iPhone, and we’re waiting for those to arise.
