Pwn2Own Bug Not Fixed in iOS 4.3.1

The entire internet assumed that the freshly minted iOS 4.3.1 would be rolled out explicitly to fix a nasty vulnerability found during the Pwn2Own contest, but according the the hacker who discovered said hole, it does not. We have no clue why Apple has chosen to ignore it, though it’s possible that the smug folks at Cupertino think that the addition of ASLR and DEP will be “enough” protection.

via @0xcharlie

iOS 4.3.1 does not fix the pwn2own bug. It’s weird they fixed it in the next os x update after the contest, but not the next iPhone update.

The exploit is able to hijack a user’s Address Book through Mobile Safari, but since the details of the vulnerability are known only to Miller and Apple, there shouldn’t be any need to fret.

Post a response / What do you think?