As an avid Apple user and semi-security expert I was interested in this story on a supposed flaw with Apple’s new iPhone:

“Hackers could take control of an iPhone if its owner visits a doctored Web site or Internet hotspot, security researchers reported Monday.

The vulnerability of the vaunted device, Apple Inc.’s first cell phone, is only theoretical for now. There are no reports of criminals actually taking advantage of the security glitch to remotely access an iPhone.

But if it were exploited, hijacked iPhones could be very useful to the same gangs that take over personal computers and use them to disseminate spam, said Charlie Miller, principal security analyst at Independent Security Evaluators, which discovered the flaw.”

During the years there have been more than enough these types of reports that attempt to show a vunerability based on nothing more than speculation and what “ifs” scary scenarios. However those in the industry know that great way to sell something – especially in the security arena – is to “create” an exploit and then hit the press release button.

Security Evaluators plans to “demonstrate” the “hole” in the iPhone’s security on August 2nd and has also offered the details on the exploit to Apple as well as a patch.

They – of course – have a self-promoting website which offers nothing but hypotheticals on what “may” happen or “could” happen if one uses the browser to visit a spoofed website. Of course they fail to tell us that this could happen with any browser in any medium, and thus is “not anything news”. In fact the Unofficial Apple Weblog pretty much refutes most of the story.

As I said this is a keen way of driving media attention to your company, but it’s also illegal if the information you have put out is found to be malicious, untrue or contrived to produce a profit.

If the latter the DOJ may be interested in talking a look, and perhaps the SEC as well.