Apple iPhone worms highlight flaw in whitelisting

David Harley, ESET's director of malware intelligence, said that the worm issues highlight the inherent problem with whitelisting.

A whitelist in security terms is a list - or register - of entities that, for one reason or another, are being provided a particular privilege, service, mobility, access or recognition.

According to Harley, "if people can find a way to increase convenience or entertainment value, many of them will cheerfully sacrifice security in order to achieve it".

In theory, whitelisting on the iPhone works by allowing access only to Apple-approved applications or websites, ESET said.

This makes the iPhone relatively secure. It also restricts what users can do with their iPhone - unless, of course, the user jailbreaks (unlocks) their phone.

ESET said one of the applications that people have been installing on their jailbroken smartphones is an iPhone-friendly implementation of SSH, which opens a secure channel between systems for the exchange of data, including files, using associated secure protocols.

Unfortunately, an Australian student, among others, noticed that if people jailbroke their iPhone, installed SSH and failed to change their default passwords, they became vulnerable to attackers who could gain privileged access to their devices.

As reported by Infosecurity last month, the student wrote a trivial worm that changed the victims' wallpaper and, for a while, the source code was available.

Within a very short period, a multi-platform hacker tool appeared, capable of transferring data to another device or computer, followed by a functional worm-driven botnet, using the same exploit.

"The iPhone hacks are a pretty good illustration of why whitelisting, though effective when it can be enforced, isn't more popular as a technique for securing computers and devices. In addition, well-meaning but poorly-implemented security software has been an issue in the Mac arena since way before OSX (Apple's primary operating system) emerged from its chrysalis. These two factors combined made the iPhone hack possible", said Harley.

"Although it should also be pointed out that iPhone hosted anti-virus is not going to ride to the rescue here, at least, not in the near future. Apple has yet to show any signs of approving any anti-malware application for the iPhone, and will, indeed, be influenced by its own perception that there is no Apple security problem", he added.

The good news, Harley said, is that a deluge of iPhone malware is unlikely in the near future, as ESET's intelligence shows this is a single loophole affecting relatively few iPhone users.

In addition, after the publicity over the last couple of weeks, ESET said it hopes that the number of potential victims is rapidly declining as the news spreads and people take action.

When compared to the sheer volume of known malware for Symbian OS-based devices (several hundred threats), this is a trickle, though numerically it is now comparable to known malware for Windows Mobile/CE devices.

According to ESET, users who have already jailbroken their iPhone are advised - at the very least - to change default passwords. Those considering jailbreaking should be aware that it breaks the license agreement with Apple and may affect user support.
