November 18, 2024
Charlie Miller Wins Pwn2Own With Safari Based iPhone Exploit

Charlie Miller Wins Pwn2Own With Safari Based iPhone Exploit

Posted March 10, 2011 at 9:16pm by iClarified
Charlie Miller has won Pwn2Own again using a Safari based iPhone exploit, according to a ZDNET report.

Miller partnered with colleague Dion Blazakis from Independent Security Evaluators on the winning exploit.

The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.



Miller told ZDNet that the attack works perfectly on iOS 4.2.1 but currently doesn't work on iOS 4.3 because he hasn't bypassed DEP and ASLR.

"If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won't work. I'd have to bypass DEP and ASLR for this exploit to work," Miller said.

It's unclear whether this exploit could result in workable jailbreak. Earlier today, I0n1c posted a video demonstrating an untethered jailbreak on iOS 4.3.

Read More



Charlie Miller Wins Pwn2Own With Safari Based iPhone Exploit
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (1)
You must login or register to add a comment...
?
? - March 10, 2011 at 10:17pm
Nerds, gotta love them
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sonoma
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS