iOS 4.3.1 Does Not Fix Pwn2Own iPhone Exploit
Posted March 26, 2011 at 2:53pm by iClarified
The iOS 4.3.1 update released yesterday does not fix the Pwn2Own exploit discovered by Charlie Miller.
iOS 4.3.1 does not fix the pwn2own bug. It's weird they fixed it in the next os x update after the contest, but not the next iPhone update.
More time for the bad guys to get their bindiff->iPhone exploit workflow going.
The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.
It's unclear why Apple didn't fix the widely publicized exploit.
Read More
iOS 4.3.1 does not fix the pwn2own bug. It's weird they fixed it in the next os x update after the contest, but not the next iPhone update.
More time for the bad guys to get their bindiff->iPhone exploit workflow going.
The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.
It's unclear why Apple didn't fix the widely publicized exploit.
Read More