The iOS 4.3.1 update released yesterday does not fix the Pwn2Own exploit discovered by Charlie Miller.
iOS 4.3.1 does not fix the pwn2own bug. It's weird they fixed it in the next os x update after the contest, but not the next iPhone update.
More time for the bad guys to get their bindiff->iPhone exploit workflow going.
The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.
It's unclear why Apple didn't fix the widely publicized exploit.
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (9)
Comments are closed for this article.
0
Rui Fonseca - March 28, 2011 at 5:54am
i just found out about this https://www.iclarified.com/entries/index.php?caid=1&scid=25
but i don't know if that works, and i don't want do anything that can damage my new ipad2
do you think that is legit.?
0
Rui Fonseca - March 28, 2011 at 5:55am
sorry i mean this link http://www.ifunia.com/ipad-column/howto-jailbreak-ipad-with-spirit-on-mac.html
0
561a5e7 - March 28, 2011 at 12:08am
Where is the @#$# unlock at
0
krak4211 - March 27, 2011 at 2:41am
Charlie Miller is awesome! This dude finds the weirdest exploits and doesn't take advantage of them like everyone else would. Props to you Charlie Miller!
0
Travis - March 27, 2011 at 12:37am
This exploit never worked on 4.3 and still doesn't. Charlie Miller needs to work around ASLR (which is designed specifically to make this kind of attack difficult) or he needs to STFU.
0
Harrykojak - March 26, 2011 at 9:37pm
Maybe apple is throwing in the towel fighting against jailbreakers
0
Madmuho - March 26, 2011 at 8:19pm
@tim
After reading that you are my hero....hahahahahhaa
0
famleon - March 26, 2011 at 7:29pm
"It's unclear why Apple didn't fix the widely publicized exploit.' maybe because no one will deliver the solution.. maybe apple is more worried about other things instead worried about some hackers that will not deliver it... Why finding exploits, that will never be used or distributed...
0
das - March 26, 2011 at 3:00pm
why cant this vulnerability be used for jailbreaking?
![TSMC Enters 'Combat Readiness Mode' as 2nm Capacity Fills Up, Apple Secures Early Access [Report]](/images/news/99826/99826/99826-160.jpg "TSMC Enters 'Combat Readiness Mode' as 2nm Capacity Fills Up, Apple Secures Early Access [Report]")
![Beats Powerbeats Pro 2 Drop to $199.95 [Deal]](/images/news/99815/99815/99815-160.jpg "Beats Powerbeats Pro 2 Drop to $199.95 [Deal]")
![Apple Watch Series 11 Drops Back to All-Time Low of $299 [Deal]](/images/news/99283/99283/99283-160.jpg "Apple Watch Series 11 Drops Back to All-Time Low of $299 [Deal]")
![Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]](/images/news/99794/99794/99794-160.jpg "Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]")
![AirPods Pro 3 Return to All-Time Low Price of $199 [Deal]](/images/news/99752/99752/99752-160.jpg "AirPods Pro 3 Return to All-Time Low Price of $199 [Deal]")
![Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]](/images/news/99729/99729/99729-160.jpg "Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]")
