Researcher Finds iPhone 3G FlawResearcher Finds iPhone 3G Flaw

There is a bug in iPhones and iPods that could enable hackers to crash the devices, according to independent security consultant Piergiorgio Zambrini.

Zambrini said the flaw is in the audio portion of Apple's video format. A malicious program could be crafted that incorporates the bug into a video file and would crash the Apple device when the file is run. The bug does not cause permanent damage, but makes the iPhone or iPod crash and reboot.

In an interview with Forbes.com, the security expert said he discovered the flaw in July and notified Apple. The vulnerability does not appear to enable arbitrary code injection, but Zambrini said the exploit needs to be studied deeper.

The security researcher said he has not been contacted by Apple's security team yet, and he does not plan to release the technical details to the public. Apple has not responded to press inquiries as of this writing.

"I'm actually surprised that it's crashing the device rather than crashing the Web browser, because that means he's got a kernel vulnerability in the iPhone," Cameron Hotchkies, Apple expert for TippingPoint, told Forbes.

The bug is not the first exploit that has been found with Apple's popular handset. Last year, researchers discovered security flaws in the smartphone's Safari browser that potentially enabled a remote attacker to steal information. The bugs were triggered when a user visited a malicious Web page, and Apple quickly rolled out patches.

Zambrini is best known for the creating the ZiPhone application, which unlocked the original iPhone so customers could choose a different carrier, as well as install nonapproved applications.