We actually took it easy on Apple in our interpretation of the white-paper. See this:
There are some kind of damning points from a security perspective. There is no way that Apple should have written every app with admin privileges. That's just stupid.
I'd say that's a rather extreme statement. You do realize every Mac Apple sells ends up with admin privileges by default, don't you? There may be more Apple can do with that, but most of what anyone would care about on the phone needs to have their permissions anyway. It's not really the kind of device for multiple users. And most people aren't even going to password protect the device. So everything that could be stolen would be available from anyone who stole or found the phone. When you hear people talking about needing to lock down the iPhone to security levels below administrator they're not really providing any constructive advice. Admin doesn't give anyone root access to the phone. It just gives someone the user name of an admin. They'd still need to crack the password.
As it's been said before, this sounds like a standard buffer overflow exploit (or maybe more hype than anything). Locking down the user account to a non-admin would still have read access to all of the files they're claiming access to.