Forbes has confirmed the effect on the iPhone 3G, while Zambrini claims that any iPod or earlier-generation iPhone will also succumb to the bug. "I'm actually surprised that it's crashing the device rather then crashing the web browser, because that means he's got a kernel vulnerability in the iPhone," says Cameron Hotchkies, an engineer and Apple expert for TippingPoint.

Zambrini could attempt to profit from his discovery if Apple or other company is willing to pay for the information. "If he wanted to cash in on it he could always try taking it to us or one of the other exploit-purchasing companies," says Hotchkies. The systems engineer could also allegedly be looking for employment with Apple, although he may not be on a list of favored individuals. He has in the past applied for an iPhone security engineer position, but has not received a response.

Zambrini says he is researching the extent of the security flaw to find out if the bug could be used by malware to inject arbitrary code. So far he has not found a way to exploit the flaw at a higher level. "We can't say it's not possible, this thing needs to be studied a little deeper," he notes.