Somebody or some group seems to have found a exploitable buffer overflow in the iPhone's baseband
processor. The baseband processor is the subsystem of the phone that talks to the
GSM network. The overflow seems to be in the SIM Toolkit manager.
The exploit lets one upload code into the baseband, so one could insert some application
into your iPhones baseband. The this application would be mostly undetectable since
the memory can not be read from the application processor.
Lets see what happens with this little thing...
Subject: [gsm] JerrySIM -> Executing shellcode on the iPhone baseband
JerrySIM leaked yesterday. It was posted here:
The exploit code has been removed shortly after but google cached it
already :/ It's out.
The program exploits a bug in the SIM Toolkit manager (which is running
on the baseband) and thus enables the execution of shellcode directly
on the baseband.
This is good work.
This has the potential to turn the iPhone into a listening device.
It still requires a lot of work and I do not know if any of the iPhone
hackers is working on it.
 Exploit code from Google cache