Before being able to answer that you would need to determine if it is
really OSX or a much stripped down kernel what was cross compiled for
something like an ARM processor.

You would also need to determine if you can load arbitrary
applications on the phone or if they have to be "mobile osxizied"
first.

Finally you would need to figure out how much code share there is
between OSX desktop and OSX mobile. WinCE for instance has a serious
problem in that there is no good unified way to update it. Since there
is a large amount of code share between the Windows desktop OSes and
WinCE if a vulnerability, like an image format, is released that
affects XP you can be pretty sure it also exists in WinCE. With out
a great way to patch it thought that vulnerability might be around
alot longer and still be a big risk.

I think the biggest risk will come from file format vulnerabilities
that a person could receive via email or web surfing. Of course this
is also true for WinCE. An interesting thing to look at will be the
Bluetooth implementation.

On 1/9/07, Todd Woodward <todd_woodward (at) symantec (dot) com [email concealed]> wrote:
> With Steve Jobs letting loose the details of the iPod phone at Macworld Expo today, according to "Uncle Steve" it will be running an embedded version of Mac OS X.
>
> None of us will be able to get our hands on it until June. However, I was wondering out loud to a Security Response friend about the potential security implications of an embedded/mobile Mac OS X. His logical response: "I'd say no more or less than a WinCE, Symbian, PalmOS, Blackberry, etc."
>
> It's still very early for the iPod phone, but I wanted to open things up for comments and discussion on mobile device security.
>
> ____________
> Todd D. Woodward
> Product Support Analyst
> Security Response Researcher
> Enterprise Macintosh Products
>
> Symantec Corporation
> www.symantec.com
> Office:541-335-7441
>
> "Confidence in a Connected World"
>

[ reply ]