Safari iOS exploit helps Charlie Miller win Pwn2Own contest

I told you a few days ago that Charlie Miller, a well-known hacker and IT security expert, would try to break the iPhone 4 using a userland exploit based on the Safari browser. Well, Charlie Miller managed to win the Pwn2Own contest with this exploit, using the vulnerability in Safari to extract the address book from an iPhone 4. The exploit requires the iPhone to visit a certain website. It didn't work the first time, but the second attempt succeeded, giving Charlie Miller access to the device's system files.

The attack simply requires that the target iPhone surfs to a rigged web site. On the first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.

If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won't work. I'd have to bypass DEP and ASLR for this exploit to work. As of 4.3, because of the new ASLR, it will be much harder.

Unfortunately, this exploit works reliably only on iOS 4.2.1; on iOS 4.3 the ASLR implemented by Apple makes the system much harder to exploit. For now it is not known whether this exploit could be used to build an untethered userland jailbreak for iOS 4.3, but the important thing is that the vulnerability exists, and in the hands of skilled people it could be turned into a jailbreak solution.