The Security Detail

Mar 12 2011   1:28AM GMT

Safari Exploit Used to Hack iOS



Posted by: Tony Bradley
Tags:
ASLR
iOS 4.3
iPad
iPhone
Safari

Apple rolled out the latest version of its mobile operating system this week–iOS 4.3–as a prelude to the launch of the iPad 2. Among a myriad of updates and new features included in iOS 4.3, Apple included a new securtiy control to help protect iOS-based mobile devices from malicious attack.

ASLR (address space layout randomization) randomize the location of core system functions to make them more difficult to locate and exploit. That is, when it works. Charlie Miller was able to bypass the ASLR protection and hack an iOS to win the iPhone portion of the Pwn2Own competition using a security hole in the iOS version of the Safari Web browser.

Miller has shared the details of the flaw with Apple, and Apple is reportedly working on an incremental update for iOS 4.3. Expect to see an iOS 4.3.1 update very soon.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: