Charlie Miller Wins Pwn2Own With Safari-Based iPhone Exploit
Posted March 10, 2011 at 9:16pm by iClarified
Charlie Miller has won Pwn2Own again using a Safari-based iPhone exploit, according to a ZDNet report.
Miller partnered with colleague Dion Blazakis from Independent Security Evaluators on the winning exploit.
The attack simply required that the target iPhone surf to a rigged web site. On the first attempt at the drive-by exploit, the iPhone browser crashed, but once it was relaunched, Miller was able to hijack the entire address book.
Miller told ZDNet that the attack works perfectly on iOS 4.2.1 but currently doesn't work on iOS 4.3 because he hasn't bypassed DEP and ASLR.
"If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won't work. I'd have to bypass DEP and ASLR for this exploit to work," Miller said.
It's unclear whether this exploit could result in a workable jailbreak. Earlier today, I0n1c posted a video demonstrating an untethered jailbreak on iOS 4.3.