Never miss an update Follow AppleInsider
Friday, March 11, 2011, 03:50 pm
Apple expected to release iOS 4.3.1 'soon' to patch Safari vulnerability
On the heels of the release of iOS 4.3, Apple is expected to introduce an incremental update for its mobile devices, including the new iPad 2, to patch a newly discovered security hole in the Safari Web browser.A vulnerability for the iOS mobile operating system was exposed this week at the Pwn2Own hacking contest by researcher Charlie Miller. As first reported by Redmond Pie, Miller noted on Twitter that he won the iPhone-specific portion of the event with his hack, but also communicated with Apple to share the exploit he used.
"Apple already has the vulnerability information and will patch soon," Miller wrote.
The exploit reportedly takes advantage of a hole in the iOS to bypass Address Space Layout Randomization. ASLR is a new security feature introduced by Apple in iOS 4.3.
The rules of the contest required that Miller and his hacking partner, colleague Dion Blazakis, not release the vulnerability to the public, where a malicious hacker could take advantage of it. Instead, the information has only been shared with Apple.
Miller is a renowned hacker and security expert who has also won the CanSecWest Pwn2Own security conference in the past. In 2009, he discovered a hack that could be sent via text message and would allow a hacker to take remote control of an iPhone. The issue was patched by Apple.
iOS 4.3 was released by Apple on Wednesday, and it will come preinstalled on new iPad 2 units sold starting today. One of its biggest improvements came in the Safari browser, with JavaScript rendering speeds twice as fast as in iOS 4.2, thanks to the Nitro engine ported from Mac OS X.
On Topic: iPhone
- Leaked schematics reveal what case makers expect Apple's low-cost iPhone & 'iPhone 5S' will look like
- High resolution images claim to show 'iPhone 5S' and iPhone 5 display assemblies side-by-side
- Briefly: Sprint LTE service expands to 22 more areas
- Inside iOS 7: Apple's Weather app gets animated
- Case intended for Apple's low-cost iPhone shows thicker, rounded design
Previous Comments View All
So basically, a whole 500 mb update for one flaw.
Quote:
Originally Posted by ghostface147 
So basically, a whole 500 mb update for one flaw.
So basically, a whole 500 mb update for one flaw.
Yea, that's what I'm thinking too.
I'm not a software expert, so maybe someone can enlighten me. Why is it that OS X can download a 10 MB, 100 MB, etc. patch, but iOS and iOS apps need to completely re-download?
Was Miller's the only successful breakthrough? Maybe Apple will collect all of the hacks and do all of the patches before releasing an update. I think it's time for that new security expert Apple hired from the NSA to hand Miller his @$$ with an OS and Safari that Miller can't break through. Hasn't happened yet.
Quote:
Originally Posted by ghostface147
So basically, a whole 500 mb update for one flaw.
So basically, a whole 500 mb update for one flaw.
No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.
Quote:
Originally Posted by mdriftmeyer
No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.
No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.
Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?
The phone Charlie Miller hacked was running 4.2.1 he stated "If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit won't work. I'd have to bypass DEP and ASLR for this exploit to work".
So he didn't bypass ASLR.
Source
Quote:
Originally Posted by Brian Green
Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?
Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?
WebKit Nightly isn't WebKit2 enabled. You still have to build that along with WebGL and other features. A ton of work has gone into WebKit 2 as it's nearing a point of release as the replacement to WebKit.
Latest WebKit Nightly is build r80833.
WebKit2 is enabled in OS X 10.7 Lion developer previews.
I'm betting on them calling it Safari 6 for OS X and probably Safari 6 Mobile for iOS 5.
They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.
Quote:
Originally Posted by mdriftmeyer
They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.
They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.
Couldn't the same thing be said about 64-bit Safari in Snow Leopard which could have probably made it to Leopard or even Tiger?
Quote:
Originally Posted by hill60
The phone Charlie Miller hacked was running 4.2.1 he stated If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit wont work. Id have to bypass DEP and ASLR for this exploit to work.
So he didn't bypass ASLR.
Source
The phone Charlie Miller hacked was running 4.2.1 he stated If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit wont work. Id have to bypass DEP and ASLR for this exploit to work.
So he didn't bypass ASLR.
Source
Good to know. By the time someone figures outhow to bypass ASLR this vulnerability will likely be patched.
Latest Apple Headlines
-
Apple TV update adds HBO Go, WatchESPN & more channels
~10 minutes ago -
Leaked schematics reveal what case makers expect Apple's low-cost iPhone & 'iPhone 5S' will look like
~2 hours ago -
Apple wins $30 million iPad contract from LA school district
~2 hours ago -
Inside iOS 7: iBeacons enhance apps' location awareness via Bluetooth LE
~4 hours ago -
High resolution images claim to show 'iPhone 5S' and iPhone 5 display assemblies side-by-side
~11 hours ago - more...
Want to write for AppleInsider? Submit your application now!
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.00 | $329.00 |
| 32GB WiFi | |
$429.00 | $429.00 |
| 64GB WiFi | |
$529.00 | $529.00 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.00 | $459.00 | $459.00 |
| 32GB 4G White | $559.00 | $539.99 | $559.00 |
| 64GB 4G White | $659.00 | $659.00 | $629.99 |
| 16GB 4G Black | $459.00 | $459.00 | $459.00 |
| 32GB 4G Black | $559.00 | $539.99 | $539.99 |
| 64GB 4G Black | $659.00 | $659.00 | $629.99 |
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| 11"1.3GHz/4GB/128GB | $964.18* | $34.82 |
| 11" 1.3GHz/8GB/128GB | $1,061.18* | $37.82 |
| 11" 1.3GHz/8GB/256GB | $1,255.18* | $43.82 |
| 11"1.7GHz/8GB/128GB | $1,206.68* | $42.32 |
| 11"1.7GHz/8GB/256GB | $1,400.68* | $48.32 |
| 11" 1.7GHz/8GB/512GB | $1,691.68* | $57.32 |
| 13" 1.3GHz/4GB/128GB | $1,061.18* | $37.82 |
| 13" 1.3GHz/4GB/256GB | $1,255.18* | $43.82 |
| 13" 1.3GHz/8GB/256GB | $1,352.18* | $46.82 |
| 13" 1.3GHz/8GB/512GB | $1,643.18* | $46.82 |
| 13" 1.7GHz/8GB/256GB | $1,497.00* | $52.00 |
| 13" 1.7GHz/8GB/512GB | $1,788.68* | $60.32 |
* price with Promo Code:
APPLEINSIDER01
|
||
| Click for even more configurations | ||
And all iPhone 3G users are from now on using unpatched systems. And the iPhone 3G was sold in US until last summer. I think Apple should really supply security patches for at least a year for its products. An iPhone 3G bought last May is still under the one-year warranty but no longer receives security patches.