Never miss an update Follow AppleInsider
Friday, March 11, 2011, 03:50 pm
Apple expected to release iOS 4.3.1 'soon' to patch Safari vulnerability
On the heels of the release of iOS 4.3, Apple is expected to introduce an incremental update for its mobile devices, including the new iPad 2, to patch a newly discovered security hole in the Safari Web browser.A vulnerability for the iOS mobile operating system was exposed this week at the Pwn2Own hacking contest by researcher Charlie Miller. As first reported by Redmond Pie, Miller noted on Twitter that he won the iPhone-specific portion of the event with his hack, but also communicated with Apple to share the exploit he used.
"Apple already has the vulnerability information and will patch soon," Miller wrote.
The exploit reportedly takes advantage of a hole in the iOS to bypass Address Space Layout Randomization. ASLR is a new security feature introduced by Apple in iOS 4.3.
The rules of the contest required that Miller and his hacking partner, colleague Dion Blazakis, not release the vulnerability to the public, where a malicious hacker could take advantage of it. Instead, the information has only been shared with Apple.
Miller is a renowned hacker and security expert who has also won the CanSecWest Pwn2Own security conference in the past. In 2009, he discovered a hack that could be sent via text message and would allow a hacker to take remote control of an iPhone. The issue was patched by Apple.
iOS 4.3 was released by Apple on Wednesday, and it will come preinstalled on new iPad 2 units sold starting today. One of its biggest improvements came in the Safari browser, with JavaScript rendering speeds twice as fast as in iOS 4.2, thanks to the Nitro engine ported from Mac OS X.
On Topic: iPhone
- Rumor: Apple to vastly expand color options with this year's 'iPhone 5S' & low-cost iPhone
- Apple granted patents on push-to-talk, double-sided touch panel
- Samsung Galaxy S4 & Google Now accused of violating Apple patents for Siri
- AT&T to bring FaceTime over cellular to all customers by end of year
- Apple debuts new iPhone discounts, subsidies to gain ground in India
Previous Comments View All
So basically, a whole 500 mb update for one flaw.
Quote:
Originally Posted by ghostface147 
So basically, a whole 500 mb update for one flaw.
So basically, a whole 500 mb update for one flaw.
Yea, that's what I'm thinking too.
I'm not a software expert, so maybe someone can enlighten me. Why is it that OS X can download a 10 MB, 100 MB, etc. patch, but iOS and iOS apps need to completely re-download?
Was Miller's the only successful breakthrough? Maybe Apple will collect all of the hacks and do all of the patches before releasing an update. I think it's time for that new security expert Apple hired from the NSA to hand Miller his @$$ with an OS and Safari that Miller can't break through. Hasn't happened yet.
Quote:
Originally Posted by ghostface147
So basically, a whole 500 mb update for one flaw.
So basically, a whole 500 mb update for one flaw.
No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.
Quote:
Originally Posted by mdriftmeyer
No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.
No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.
Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?
The phone Charlie Miller hacked was running 4.2.1 he stated "If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit won't work. I'd have to bypass DEP and ASLR for this exploit to work".
So he didn't bypass ASLR.
Source
Quote:
Originally Posted by Brian Green
Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?
Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?
WebKit Nightly isn't WebKit2 enabled. You still have to build that along with WebGL and other features. A ton of work has gone into WebKit 2 as it's nearing a point of release as the replacement to WebKit.
Latest WebKit Nightly is build r80833.
WebKit2 is enabled in OS X 10.7 Lion developer previews.
I'm betting on them calling it Safari 6 for OS X and probably Safari 6 Mobile for iOS 5.
They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.
Quote:
Originally Posted by mdriftmeyer
They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.
They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.
Couldn't the same thing be said about 64-bit Safari in Snow Leopard which could have probably made it to Leopard or even Tiger?
Quote:
Originally Posted by hill60
The phone Charlie Miller hacked was running 4.2.1 he stated If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit wont work. Id have to bypass DEP and ASLR for this exploit to work.
So he didn't bypass ASLR.
Source
The phone Charlie Miller hacked was running 4.2.1 he stated If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit wont work. Id have to bypass DEP and ASLR for this exploit to work.
So he didn't bypass ASLR.
Source
Good to know. By the time someone figures outhow to bypass ASLR this vulnerability will likely be patched.
Latest Apple Headlines
-
Rumor: Apple to vastly expand color options with this year's 'iPhone 5S' & low-cost iPhone
~46 minutes ago -
Apple's fifth-gen iPad rumored to debut after 'iPhone 5S,' feature rear mic
~1 hour ago -
Microsoft caught lying about tablet size in comparison to Apple's iPad
~1 hour ago -
Apple's iAd first major mobile ad-network to get Media Ratings Council accreditation
~2 hours ago -
Dubai hotel provides guests with iMacs, 24-karat gold iPad
~3 hours ago - more...
Want to write for AppleInsider? Submit your application now!
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
And all iPhone 3G users are from now on using unpatched systems. And the iPhone 3G was sold in US until last summer. I think Apple should really supply security patches for at least a year for its products. An iPhone 3G bought last May is still under the one-year warranty but no longer receives security patches.