Mobile Safari still vulnerable to Pwn2Own exploit after 4.3.1 firmware update

Yesterday we announced that iOS 4.3.1 had been released. This update was predicted by many after a security expert, Charlie Miller, won the Pwn2Own contest by revealing an exploit that would grant a hacker access to a user's contact list after the user had surfed to a rigged website. After the user surfed to the website, the browser would crash, and when it was re-launched the hacker would have complete access to the user's contacts.

However, as it turns out, the 4.3.1 update that was released yesterday doesn't even address the issue, as pointed out by none other than Charlie Miller himself. This seems strange, since the hole was immediately patched and an update pushed to OS X for the same loophole.

It is still unclear exactly what the 4.3.1 update was for, but now that we know that they didn't fix the Pwn2Own exploit, maybe Apple did find the jailbreak exploit after all. We are hoping they didn't!

  • http://1stblogger.com/ 1stblogger

    Bigger issue here is that Miller isn’t allowed to reveal the bug per contest rules. So, unless someone gets exceedingly lucky, it’s not going to be used for a jailbreak.

    • http://iphoneblogr.com JaeM1llz

      It’s not meant to be used as a jailbreak. The exploit simply allows a hacker to gain access to your contact list after visiting a rigged website on your device. Miller has already stated that this exploit will not help unlocking or jailbreaking.

      • http://non.com Brad

        This is actually incorrect. This exploit can be used to jailbreak a device as it needs the ability to run arbitrary code in order to mess with contacts. This power then is obviously root access and all that needs to be done is [dpkg -i "cydia.deb"] and there you have a JAILBROKEN iPhone.