Saturday, March 26, 2011

iOS 4.3.1 Does Not Fix Pwn2Own iPhone Exploit

The iOS 4.3.1 update released yesterday does not fix the Pwn2Own exploit discovered by Charlie Miller.

iOS 4.3.1 does not fix the pwn2own bug. It's weird they fixed it in the next os x update after the contest, but not the next iPhone update.

More time for the bad guys to get their bindiff->iPhone exploit workflow going.

The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.

It's unclear why Apple didn't fix the widely publicized exploit.

*thanks iclarified*

Our new Forum is now open here or on the top tabs marks Forums, please register and post.. For the latest limera1n, rubyra1n, and all tech stories, follow us on Twitter at @iphonepixelpost or @limerain_com
- Posted using my iPhone 4

No comments:

Post a Comment