iPhone was once again exploited by security expert, Charlie Miller, at the Pwn2Own contest in Vancouver. At Pwn2Own contest, Charlie Miller successfully hacked iPhone 4 using a Mobile safari exploit which swipe the address book of the compromised iPhone 4.
At Pwn2Own contest, if you are the fastest to hack, you get it. The devices range from iPhone, and Blackberry to MacBook and laptops. Google had even offered a $20,000 reward to anyone who could hack Chrome browser. But day 2 was all about the iPhone 4, and was once again exploited by security expert, Charlie Miller…
The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.
The Safari exploit also exists in the latest firmware; iOS 4.3. However, it’s hard to inject any code into iOS 4.3 because of ASLR (Address Space Layout Randomization) which Apple has implemented in the latest version of iOS. iOS devices running iOS 4.2.1 or below are still vulnerable to this exploit.
if you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.
As of 4.3, because of the new ASLR, it will be much harder.