"There are serious problems with the design and implementation of security on the iPhone," said the company in a Security Evaluation paper (PDF) on the flaw.
"The most glaring is that all processes of interest run with administrative privileges. This implies that a compromise of any application gives an attacker full access to the device."
The exploit uses a web page with malware built in that can access the phone via the Safari browser.
This can either be used to force the phone to send personal information stored in its files or to take control of the device and make it place outgoing calls to other numbers.
"Unfortunately, once an iPhone application is breached by an attacker, very little prevents the attacker from obtaining complete control of the system," the team said.
"Additionally, no address randomisation is used in by the operating system. This means that each time a process runs, the stack, heap and executable code is located at precisely the same spot in memory. This helps attackers write reliable exploit code."
Matt Bancroft, vice president at mobile device management company Mformation, said: "All mobile phones are becoming more powerful, and the iPhone is really a sophisticated mini computer.
"As we get more powerful mobile devices, it is inevitable that we will get more security issues and threats to mobile devices.
"The key is to manage the device once it is in the hands of the user. Being able to update or patch the security and applications over the air in an ever-changing environment is the way forward."
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime
The observations were made using the Atacama Array in the Chilean desert
J1043+2408 was observed for more than 10 years, and its radio light curve exhibited a periodic signal repeating in about 563 days