iPhone’s Bluetooth Bug and the Metasploit Framework

As balle already pointed out, there is a major Bluetooth bug in iPhones: the SDP service can be exploited to execute arbitrary code. The funny thing with iPhones is that even when Inquiry Scan is disabled (“hidden Bluetooth device”), it’s easy to find out the Bluetooth address of an iPhone: the Wi-Fi address is the Bluetooth address incremented by one. Once you know the iPhone’s Wi-Fi MAC address, you also know its Bluetooth address.
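For an asset owner, the practical consequence is that non-discoverable mode gives no address secrecy to any device whose two radios are numbered this way. The following audit is an added example, not code from the original post: it checks an inventory for that adjacency, and the record layout, function names and sample addresses are all constructed for illustration.

```python
import re

# Constructed sample inventory (not real devices): (name, Wi-Fi MAC, Bluetooth address).
SAMPLE_INVENTORY = [
    ("phone-a", "00:1B:63:AA:BB:10", "00:1B:63:AA:BB:0F"),   # Wi-Fi = Bluetooth + 1
    ("phone-b", "00-1b-63-aa-bc-00", "00-1b-63-aa-bb-ff"),   # same, with a carry into the next octet
    ("laptop-c", "00:16:CB:12:34:56", "00:1F:5B:9A:00:01"),  # unrelated addresses
    ("tablet-d", "not-a-mac", "00:1B:63:00:00:01"),          # malformed record
]

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-]?[0-9A-Fa-f]{2}){5}$")


def mac_to_int(mac):
    """Parse a 48-bit address written with ':', '-' or no separators."""
    mac = mac.strip()
    if not _MAC_RE.match(mac):
        raise ValueError(f"malformed address: {mac!r}")
    return int(re.sub(r"[:-]", "", mac), 16)


def bt_address_is_derivable(wifi_mac, bt_addr):
    """True when the Wi-Fi MAC is the Bluetooth address incremented by one."""
    # Integer arithmetic handles the carry across octets; wrap at 48 bits.
    return (mac_to_int(bt_addr) + 1) % (1 << 48) == mac_to_int(wifi_mac)


def audit(inventory):
    """Return (exposed, malformed): names of devices whose Bluetooth address
    follows from the Wi-Fi MAC, and names of records that failed to parse."""
    exposed, malformed = [], []
    for name, wifi_mac, bt_addr in inventory:
        try:
            if bt_address_is_derivable(wifi_mac, bt_addr):
                exposed.append(name)
        except ValueError:
            malformed.append(name)
    return exposed, malformed


if __name__ == "__main__":
    exposed, malformed = audit(SAMPLE_INVENTORY)
    print("hidden mode does not protect the address of:", exposed)
    print("inventory records to fix:", malformed)
```

Devices that land in the first list should be treated as Bluetooth-reachable whenever their Wi-Fi MAC is observable, and prioritised for the SDP fix accordingly.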

Another interesting thing: the Metasploit Framework is about to be ported to the iPhone. All applications seem to run as UID 0 on the iPhone – this is going to be fun!

Source: Computerworld