December 28, 2024
iOS 4.3.1 Does Not Fix Pwn2Own iPhone Exploit

iOS 4.3.1 Does Not Fix Pwn2Own iPhone Exploit

Posted March 26, 2011 at 2:53pm by iClarified
The iOS 4.3.1 update released yesterday does not fix the Pwn2Own exploit discovered by Charlie Miller.

iOS 4.3.1 does not fix the pwn2own bug. It's weird they fixed it in the next os x update after the contest, but not the next iPhone update.

More time for the bad guys to get their bindiff->iPhone exploit workflow going.



The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.

It's unclear why Apple didn't fix the widely publicized exploit.

Read More


iOS 4.3.1 Does Not Fix Pwn2Own iPhone Exploit


Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (9)
You must login or register to add a comment...
Rui Fonseca
Rui Fonseca - March 28, 2011 at 5:54am
i just found out about this https://www.iclarified.com/entries/index.php?caid=1&scid=25 but i don't know if that works, and i don't want do anything that can damage my new ipad2 do you think that is legit.?
Rui Fonseca
Rui Fonseca - March 28, 2011 at 5:55am
sorry i mean this link http://www.ifunia.com/ipad-column/howto-jailbreak-ipad-with-spirit-on-mac.html
561a5e7
561a5e7 - March 28, 2011 at 12:08am
Where is the @#$# unlock at
krak4211
krak4211 - March 27, 2011 at 2:41am
Charlie Miller is awesome! This dude finds the weirdest exploits and doesn't take advantage of them like everyone else would. Props to you Charlie Miller!
Travis
Travis - March 27, 2011 at 12:37am
This exploit never worked on 4.3 and still doesn't. Charlie Miller needs to work around ASLR (which is designed specifically to make this kind of attack difficult) or he needs to STFU.
Harrykojak
Harrykojak - March 26, 2011 at 9:37pm
Maybe apple is throwing in the towel fighting against jailbreakers
Madmuho
Madmuho - March 26, 2011 at 8:19pm
@tim After reading that you are my hero....hahahahahhaa
famleon
famleon - March 26, 2011 at 7:29pm
"It's unclear why Apple didn't fix the widely publicized exploit.' maybe because no one will deliver the solution.. maybe apple is more worried about other things instead worried about some hackers that will not deliver it... Why finding exploits, that will never be used or distributed...
das
das - March 26, 2011 at 3:00pm
why cant this vulnerability be used for jailbreaking?
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS