Search the App Store for iPhone antivirus software, and you'll find only a handful of security programs. There's a reason that the market is so soft: Apple's stringent app-vetting process and the architecture of iOS products—which partitions, or “sandboxes,” code to protect the device—have helped keep iPhones and iPads safe. Sandboxing, which restricts an app's reach, would also limit any antivirus program's effectiveness.

Now researchers at the Georgia Institute of Technology Information Security Center have identified and exploited two weaknesses to infect iPhones. One team disguised phone-hijacking code inside a seemingly benign app, thereby escaping detection by Apple's app reviewers. In the second attack, a team exploited a vulnerable USB connection with an imitation plug-in charger that installs malware.

The researchers alerted Apple to their findings before going public, prompting the company to implement defenses in the new iOS 7. More loopholes are sure to be found. And even if antivirus software were readily available, it might not be able to find or disable malicious code. “When you download an antivirus app, because of sandboxing there are limits to what it can do,” says Charlie Miller, a security engineer at Twitter. “It can't scan the entire device.”