New iPhone certificate attack
An anonymous researcher recently outlined a chain of vulnerabilities and an attack on the iPhone that used a VeriSign S/MIME e-mail certificate as one part of the attack. The researcher obtained a Class 1 certificate, a low-assurance e-mail certificate that people use for encryption only. The e-mail address is the only authenticated information in the certificate. The identity name is not authenticated, by design.
The attack exploited a weakness in the iPhone, and exploiting it required a certificate that chained to a root the iPhone trusted. While a VeriSign certificate was chosen, any certificate that chained to any root trusted by the iPhone would have sufficed. Contrary to some misinterpretations of the story, VeriSign did not incorrectly issue a certificate in Apple's name, and there was no error in the VeriSign authentication practices.
The Cryptopath blog, which unveiled the flaw, offered this comment:
It is relatively easy to obtain a signature certificate from many of them [Certificate Authorities] without any sort of verification. A demo signature certificate can be obtained from VeriSign without need for anything other than a valid e-mail address (throwaway addresses work, too) for sixty days at no price and without providing any credit card details... VeriSign is not to blame for this in any way.