iPhone Turned into Pocket-Sized Hacking Platform

One such observation: The iPhone has a potential security pitfall in that its MobileMail application supports Microsoft Office document formats by using the OfficeImporter framework when converting files into viewable form. "This looks like a great target for file-format fuzzing and some late-night reverse engineering,"
Another potential way for attackers to get into the phone is through the mDNSResponder service, which runs by default, The mDNSResponder, used by iTunes for music sharing, is part of the Bonjour application suite, which provides automatic and transparent configuration of network devices.
When the iPhone first syncs with iTunes, its host name is changed, The default hostname becomes "User's iPhone," with the Mac OS X user account name filling in for "User." If the iPhone is connected to a Wi-Fi network, the mDNS service exposes the iPhone owner's user name.
By the time the security show rolled around, Independent Security Evaluators had already revealed, shortly after the smart phone's release, that Apple's popular multifunctional device could be exploited for data theft or snooping purposes.
At the time, one created an exploit for the iPhone's Safari Web browser wherein they used an unmodified device to surf to a maliciously crafted drive-by download site. The site downloaded exploit code that forced the iPhone to make an outbound connection to a server controlled by the security firm.

The researchers showed that a compromised device then could be forced to send out personal data, including SMS text messages, contact information, call history, voice mail information, passwords, e-mail messages and browsing history.
"It's going to be such good times," one blogger wrote . "…we have the accessibility/vector. What we need are market saturation (some predict 14M sold by end of 2008,) a mesh networking application (or something to cross-connect the myriad of networking options) and an attractive application to encourage the owners to share amongst each other (say, some funky music sharing application or social networking tie-in, or instant messaging.) That'll lay the ground work for some very effective malware."

This is based on moore's work