Potential iPhone Vulnerabilities Spotted

Posted by Gold Lock Team on July-8-2009

iPhone Security Issues

Recently, reports have surfaced that non-jailbroken versions of the highly popular Apple iPhone may be vulnerable to a direct memory attack that attempts to force the execution of unsigned code.

A student at the University of Milan recently announced that he had found a way to force unsigned code to be run using a sophisticated memory hack.

The limitations imposed by Apple's code-signing requirements have meant that security researchers have overlooked non-jailbroken phones because of the native security already present. The general consensus was that the difficulties in exploiting a platform that requires code signing, such as the iPhone, are wide-ranging and innumerable compared with exploiting other, more mundane devices.

Thanks to software updates dealing with existing security issues, Apple has managed to create a device that is relatively secure because of its proprietary code-signing requirements. This code signing has resulted in enhanced security for the iPhone when compared to other, more open platforms.

The details of the announcement regarding this potential exploit show that hackers can upload non-executable code to memory and then, by simply changing a register, can make that code executable. With the latest version of the iPhone operating system due to ship any day now, this may only be a temporary problem.

But if this attack exists and remains unpatched, the possibilities for remote attackers to exploit the Apple iPhone are endless. They could range from remote eavesdropping to stealing sensitive information and credit card details.

Whilst the Apple platform is fundamentally secure due to the way the software company has locked the iPhone down, numerous vulnerabilities have been revealed in the past.

With the new iPhone 3.0 OS, it will be interesting to see which vulnerabilities Apple has managed to eliminate and also what weaknesses the new operating system will create.
