As mentioned by “greenmymac” and covered by The Register, full access to contacts (and, hence, browser, e-mail, SMS…) is as simple as a press of the “Emergency Call” key from the passcode entry screen, followed by a double-tap on the home button, which – as The Register puts it – “takes the miscreant into favourites…” (why we in the States leave out the “u” is a sad mystery).
Ryan gave the CVE database a scan and noticed that this is not Apple’s first encounter with this error. CVE-2008-0034, which was identified back in January and fixed in the 1.x series firmware, noted this issue and is yet-another sign of Apple’s lack of commitment to security on the iPhone (guess they should have fixed more than just bugs in 2.0.2).
It would be greatly appreciated if any readers in an enterprise configuration (i.e. with a stronger passcode and a centralized provisioning environment) would drop a note in the comments letting me (and other TAB readers) know if you are impacted by this vulnerability as well. All TAB readers are invited to post your your thoughts in the comments on Apple’s latest security faux-pax.