Source: Ars Technica
Ars spoke with a mobile security expert who discovered the problem (who asked to remain anonymous because he did not have approval to talk about the issue). He told Ars that the issue is one of trust: "Who would you trust to change your iPhone configuration over the air? Your carrier? Your company? Your IT security admin?" he asked. Apple uses SCEP as a way for the iPhone to check in with a certificate server to verify that a mobileconfig file has been signed by a trusted source, but flaws in the set-up on the iPhone mean that the process doesn't always work as intended.
The problem stems from Apple's implementation of SCEP, which is a protocol to manage public key infrastructure for closed systems. For instance, SCEP can be used to manage security certificates and policies for iPhones deployed by an enterprise IT department. Unfortunately, the iPhone uses Safari's list of certificate authorities instead of a much more narrowly defined set for authorizing OTA mobileconfig files. Furthermore, it only requires that certificates used to sign mobileconfig files be signature only, instead of a more secure type of certificate that specifies how it can be used.
Read more:
http://arstechnica.com/apple/news/2010/02/security-flaw-puts-iphone-users-at-risk-of-phishing-attacks.ars
What? Apple fall down on security? It can't be.
Jay
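The two weaknesses the quoted article describes (trusting the browser's whole CA list for profile signing, and accepting any certificate that can merely sign rather than one that states what it may be used for) come down to an acceptance policy. The following is an added example, not Apple's code and not from the Ars Technica article: it builds a small constructed PKI with the third-party `cryptography` package and runs the same signed profile through a weak policy and a strict one. The certificate names, the choice of code-signing as the required EKU, and the profile bytes are all assumptions made for the illustration.

```python
"""Added example (not Apple's or Ars Technica's code): contrast a weak and a
strict acceptance policy for signed configuration profiles.
Requires the third-party `cryptography` package; every CA, key, certificate
and profile byte string here is constructed for illustration only."""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

# Assumed policy choice for this example: profile signers must carry this EKU.
REQUIRED_EKU = ExtendedKeyUsageOID.CODE_SIGNING
SIG_ALG = ec.ECDSA(hashes.SHA256())


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject_cn, issuer_cn, issuer_key, public_key, *, is_ca=False, ekus=()):
    """Issue a short-lived ECDSA/P-256 certificate for the demo PKI."""
    now = datetime.now(timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    if ekus:
        builder = builder.add_extension(x509.ExtendedKeyUsage(list(ekus)), critical=False)
    return builder.sign(issuer_key, hashes.SHA256())


def issued_by(cert, anchor):
    """True if `anchor` directly issued `cert`: issuer name matches and the signature verifies."""
    if cert.issuer != anchor.subject:
        return False
    try:
        anchor.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def accept_profile(profile, signature, signer_cert, anchors, *, require_eku):
    """Accept only if the signature verifies, the signer chains to an anchor,
    and (when required) the signer certificate carries the expected EKU."""
    try:
        signer_cert.public_key().verify(signature, profile, SIG_ALG)
    except InvalidSignature:
        return False
    if not any(issued_by(signer_cert, anchor) for anchor in anchors):
        return False
    if require_eku:
        try:
            eku = signer_cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        except x509.ExtensionNotFound:
            return False
        if REQUIRED_EKU not in eku:
            return False
    return True


def compare_policies():
    """Build the constructed PKI and run both signers through both policies."""
    mdm_key = ec.generate_private_key(ec.SECP256R1())
    web_key = ec.generate_private_key(ec.SECP256R1())
    mdm_root = make_cert("Example Corp MDM Root", "Example Corp MDM Root",
                         mdm_key, mdm_key.public_key(), is_ca=True)
    web_root = make_cert("Public Web CA", "Public Web CA",
                         web_key, web_key.public_key(), is_ca=True)
    # Enrolled profile signer: issued by the MDM root and scoped by EKU.
    mdm_signer_key = ec.generate_private_key(ec.SECP256R1())
    mdm_signer = make_cert("Example Corp Profile Signer", "Example Corp MDM Root",
                           mdm_key, mdm_signer_key.public_key(), ekus=[REQUIRED_EKU])
    # Ordinary web-server certificate from a public CA: it can sign, but is not scoped for profiles.
    web_signer_key = ec.generate_private_key(ec.SECP256R1())
    web_signer = make_cert("www.example.net", "Public Web CA", web_key,
                           web_signer_key.public_key(), ekus=[ExtendedKeyUsageOID.SERVER_AUTH])

    profile = b"<!-- constructed mobileconfig payload -->"
    mdm_sig = mdm_signer_key.sign(profile, SIG_ALG)
    web_sig = web_signer_key.sign(profile, SIG_ALG)

    browser_ca_list = [mdm_root, web_root]  # the broad set the article warns about
    enrolled_anchors = [mdm_root]           # the narrow set a profile check should use
    return {
        "weak_accepts_mdm": accept_profile(profile, mdm_sig, mdm_signer, browser_ca_list, require_eku=False),
        "weak_accepts_web": accept_profile(profile, web_sig, web_signer, browser_ca_list, require_eku=False),
        "strict_accepts_mdm": accept_profile(profile, mdm_sig, mdm_signer, enrolled_anchors, require_eku=True),
        "strict_accepts_web": accept_profile(profile, web_sig, web_signer, enrolled_anchors, require_eku=True),
    }


if __name__ == "__main__":
    for check, result in compare_policies().items():
        print(f"{check}: {result}")
```

Under the weak policy a profile signed with a plain web-server certificate from any public CA is accepted, which is the exposure the article describes; the strict policy rejects it because the signer neither chains to an enrolled anchor nor carries the required EKU, while the legitimately enrolled signer passes both policies. A real check would also walk longer chains and consult revocation; both are omitted here for brevity.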