With over 17 million iPhones sold, there are a lot of people who should be paying closer attention to their text messages.
"This is a new exploit that Apple has not patched, so anyone who has an iPhone could potentially be at risk," said CNET.com executive editor Tom Merritt.
A pair of security researchers, Collin Mulliner and Charlie Miller, have disclosed attacks can be sent through SMS or text messages.
"Once they gain control of your phone, they can use it to do a lot, including sending text messages to everybody in your address book, spreading the attack that way," explained Merritt.
Even worse, an attacker can disable the phone from making or receiving calls. Text messages are automatically received as long as the phone is switched on. The attack can be identified by a square-like symbol instead of text.
Phil Zimmermann, a well-known Internet security expert who created the encryption program PGP, says it was just a matter of time.
"They aren't just phones anymore, they're computers which happen to also be phones and so these computers are connected continuously to the Internet, and so they can be attacked just like our computers can," said Zimmerman.
The researchers documented the vulnerability in a 21-page report. They told Apple about the problem six weeks ago.
Apple did not return our call to see if it is working on a patch and when it might be available.
Apple's iPhone is not alone. So are other mobile phones and operating systems, according to security software company McAfee in Santa Clara.
"They've actually found vulnerabilities, not just in the iPhone software, but also in Google Android phones as well as Windows mobile phones, and they're all vulnerable through SMS or the text message service," said Joris Evers of McAffee.
The researchers said if attacked, turning the phone off and back on would help. But an attack can grab personal information in seconds, and without a patch, malicious text messages can be sent over and over.
The vulnerability of the iPhone is indeed serious because it has become a transactional device containing lots of information, and in the wrong hands, can do a lot of damage.