The Security Detail

Mar 12 2011   1:28AM GMT

Safari Exploit Used to Hack iOS

Tony Bradley Tony Bradley Profile: Tony Bradley

Apple rolled out the latest version of its mobile operating system this week–iOS 4.3–as a prelude to the launch of the iPad 2. Among a myriad of updates and new features included in iOS 4.3, Apple included a new securtiy control to help protect iOS-based mobile devices from malicious attack.

ASLR (address space layout randomization) randomize the location of core system functions to make them more difficult to locate and exploit. That is, when it works. Charlie Miller was able to bypass the ASLR protection and hack an iOS to win the iPhone portion of the Pwn2Own competition using a security hole in the iOS version of the Safari Web browser.

Miller has shared the details of the flaw with Apple, and Apple is reportedly working on an incremental update for iOS 4.3. Expect to see an iOS 4.3.1 update very soon.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: