A security flaw in the new iPhone 2.0.2 software was uncovered last night by a MacRumors forum user. To expose the flaw you must have your iPhone password protected. When you turn on the phone and get to the “Enter Passcode” screen, hit the “Emergency Call” button. From here, double click the main iPhone button and you’ll be taken to your phone’s “Favorites” menu. This should not happen.
The problem is that from this menu you can make calls to or text message anyone on the favorites list. You can also see all of their contact information. If they have hyperlinks in their Info area, you will also be able to browse the web. If they have an email address, you will be able to email them. All of this can be done without entering the password for your iPhone. Obviously, that’s a big problem.
Expect Apple to have a fix for this soon. Until then, Cult of Mac points out an easy temporary fix. Go to your phone’s Settings, click on the General button, and select “Home Button.” Here, change the default action for double-clicking the home button to “Home” instead of “Phone Favorites.”