In just 20 seconds, a fully patched iPhone gets hacked and its SMS
database compromised. All SMS text messages deleted.
This was what a pair of European researchers shown in Pwn2Own 2010 hacking contest.
All it takes was for them to lure a phone user to a rigged website, crashing the browser but still running it in the background. The hijacking of the SMS database takes about 20seconds.
The the entire process which involves finding the vulnerability to writing the
exploit took about 2 weeks. The duo, Vincenzo Iozzo and Ralf Philipp Weinmann won a total of $15,000 and of course get to keep the hijacked phone.
Of course, the exploit is reported to Apple for their patching, details of the exploit is withheld until patch is released.