Friday, March 11, 2011, 12:50 pm PT (03:50 pm ET)
Apple expected to release iOS 4.3.1 'soon' to patch Safari vulnerabilityOn the heels of the release of iOS 4.3, Apple is expected to introduce an incremental update for its mobile devices, including the new iPad 2, to patch a newly discovered security hole in the Safari Web browser.
A vulnerability for the iOS mobile operating system was exposed this week at the Pwn2Own hacking contest by researcher Charlie Miller. As first reported by Redmond Pie, Miller noted on Twitter that he won the iPhone-specific portion of the event with his hack, but also communicated with Apple to share the exploit he used.
"Apple already has the vulnerability information and will patch soon," Miller wrote.
The exploit reportedly takes advantage of a hole in the iOS to bypass Address Space Layout Randomization. ASLR is a new security feature introduced by Apple in iOS 4.3.
The rules of the contest required that Miller and his hacking partner, colleague Dion Blazakis, not release the vulnerability to the public, where a malicious hacker could take advantage of it. Instead, the information has only been shared with Apple.
Miller is a renowned hacker and security expert who has also won the CanSecWest Pwn2Own security conference in the past. In 2009, he discovered a hack that could be sent via text message and would allow a hacker to take remote control of an iPhone. The issue was patched by Apple.
On Topic: iPhone
- Walmart discounts 16GB iPhone 5c to 97 cents, 16GB iPhone 5s to $79 for 90 days
- First photos of purported 5.5-inch 'iPhone 6' rear shell compare part to 4.7-inch model
- Purported 'iPhone 6' render shows sub-1mm rear camera lens protrusion
- Photos of supposed fully assembled 'iPhone 6' chassis surface
- Microscopic analysis, iOS 8 code point to new 4.7-inch 'iPhone 6' display resolutions