We owe Apple an apology, because it turns out they weren’t kidding when they said that opening the iPhone up to 3rd party software was just asking for trouble. That’s because the iPhone runs every single app as “root,” which is computerese for “more power than Steve Jobs.” It was this root access that made the Safari exploit possible back in July, and it can’t be fixed without a complete redesign of the firmware.

Last week, another exploit was documented and made public—one that could allow someone to take remote control of an iPhone and access its call logs, operate its camera, track its location, and so on. “As long as everything runs as root, there are going to be bugs and people are going to find them (to take over the device),” says a security expert.

What’s baffled experts is why Apple designed the operating system like this in the first place:

“The principle of ‘least privilege’ is a fundamental security principle,” says Geer. “Best practices say that if you need minimal authority to do (something on a system), then you don’t need to have more authority than that to get it done.”

Apple’s own OS X computer operating system doesn’t suffer from this security flaw—but it could explain Apple’s strong desire to keep the iPhone software locked down until they work out a way to fix it.

“IPhone’s Security Rivals Windows 95 (No, That’s Not Good)” [Wired]
(Photo: Getty)

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.