Charlie Miller has once again won the Pwn2Own contest by successfully hacking an iPhone 4, using an exploit found in Mobile Safari to swipe the address book of the compromised iPhone.
The attack simply required that the target iPhone surf to a rigged web site. On the first attempt at the drive-by exploit, the iPhone browser crashed, but once it was relaunched, Miller was able to hijack the entire address book.
The interesting thing, though, is that an iPhone 4 running the recently released iOS 4.3 is safe from this exploit, sort of. This is because of ASLR (Address Space Layout Randomization), which Apple has implemented in the latest version of iOS. However, the vulnerability still exists in iOS 4.3; ASLR will need to be bypassed (which is much harder to do) in order to inject any code. iOS devices running iOS 4.2.1 and below are vulnerable to this exploit.
In an interview with ZDNet, Miller said:
If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.
As of 4.3, because of the new ASLR, it will be much harder.