Thursday, March 10, 2011

After iPhone 4 Hacked At Pwn2Own Contest iOS 4.3.1 Update Coming Soon

Charlie Miller has once again won the Pwn2Own contest by successfully hacking an iPhone 4, using an exploit found in Mobile Safari to swipe the address book of the compromised iPhone.

The attack simply required that the target iPhone surf to a rigged web site. On the first attempt at the drive-by exploit, the iPhone browser crashed, but once it was relaunched, Miller was able to hijack the entire address book.

The interesting thing, though, is that an iPhone 4 running the recently released iOS 4.3 is safe from this exploit. This is because of ASLR (Address Space Layout Randomization), which Apple has implemented in the latest version of iOS. Only iOS 4.2.1 and below are vulnerable to this exploit.

In an interview with ZDNet, Miller said:
If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.
As of 4.3, because of the new ASLR, it will be much harder.

Charlie Miller, known for exploiting the Safari browser for the past 3 years, has ripped apart iPhone 4 security today at the Pwn2Own 2011 hacking contest in Vancouver. This genius won the contest for the 4th consecutive time.

Miller partnered with colleague Dion Blazakis to successfully exploit the Apple device using a MobileSafari flaw to swipe the iPhone 4's address book. After winning, Dion tweeted:
@0xcharlie @dancaselden and I won the iPhone PWN2OWN. What a pain in the ass — glad it wasn’t iOS 4.3 (vuln still there, tho) :)
The iPhone 4 was running iOS 4.2.1, but @0xcharlie said the vulnerability is also present in iOS 4.3. Apple has added ASLR (Address Space Layout Randomization) to the latest firmware update, which makes the firmware a bit more complicated to hack. It was not mentioned what kind of harm the exploit can cause.
Apple has received the exploit information, which means it may release iOS 4.3.1 soon.