Charlie Miller has, for the third time, hacked the iPhone at the yearly Pwn2Own competition, this time an iPhone 4. He took advantage of a vulnerability in Mobile Safari that requires only that a user navigate to a malicious site for their Address Book to be hijacked. The unit in question was running iOS 4.2.1, but Miller states that the vulnerability is still present in iOS 4.3, though the exploit would need to be tweaked due to the addition of ASLR and DEP (Data Execution Prevention).
“If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.”
“The first one [in 2007] was really, really easy. They had nothing, no sandboxing. Everything was running as root. It was super easy. The SMS one [in 2009] was harder because of DEP but there were no sandbox issues because the process that controlled SMSes wasn’t in a sandbox.”
“As of 4.3, because of the new ASLR, it will be much harder.”
Miller won $15,000 for the exploit and got to keep the iPhone 4. The desktop version of Safari was also the first browser to be compromised at this year’s Pwn2Own (Google Chrome is still standing strong). Details of the vulnerabilities found remain confidential between the researchers and the affected vendors.
Apple will be releasing an x.x.1 update to patch the hole, which may delay a 4.3 jailbreak.