A vulnerability in the iOS mobile operating system was exposed this week at the Pwn2Own hacking contest by researcher Charlie Miller. As first reported by Redmond Pie, Miller noted on Twitter that he won the iPhone-specific portion of the event with his hack, and that he has also shared the exploit he used with Apple.
"Apple already has the vulnerability information and will patch soon," Miller wrote.
The exploit reportedly takes advantage of a hole in iOS to bypass Address Space Layout Randomization. ASLR is a new security feature introduced by Apple in iOS 4.3.
The rules of the contest required that Miller and his hacking partner, colleague Dion Blazakis, not release the vulnerability to the public, where a malicious hacker could take advantage of it. Instead, the information has only been shared with Apple.
Miller is a renowned hacker and security expert who has also won the Pwn2Own contest at the CanSecWest security conference in the past. In 2009, he discovered a hack that could be sent via text message and would allow a hacker to take remote control of an iPhone. The issue was patched by Apple.
iOS 4.3 was released by Apple on Wednesday, and it will come preinstalled on new iPad 2 units sold starting today. One of its biggest improvements came in the Safari browser, with JavaScript rendering speeds twice as fast as in iOS 4.2, thanks to the Nitro engine ported from Mac OS X.
20 Comments
And all iPhone 3G users are from now on using unpatched systems. And the iPhone 3G was sold in the US until last summer. I think Apple should really supply security patches for at least a year for its products. An iPhone 3G bought last May is still under the one-year warranty but no longer receives security patches.
So basically, a whole 500 mb update for one flaw.
So basically, a whole 500 mb update for one flaw.
Yea, that's what I'm thinking too.
I'm not a software expert, so maybe someone can enlighten me. Why is it that OS X can download a 10 MB, 100 MB, etc. patch, but iOS and iOS apps need to completely re-download?
Was Miller's the only successful breakthrough? Maybe Apple will collect all of the hacks and do all of the patches before releasing an update. I think it's time for that new security expert Apple hired from the NSA to hand Miller his @$$ with an OS and Safari that Miller can't break through. Hasn't happened yet.
So basically, a whole 500 mb update for one flaw.
No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.