Charlie Miller, a security expert who managed to jailbreak iOS 4.3 during the Pwn2Own hacking contest, has revealed an interesting piece of information about 4.3.1. According to Mr. Miller, the Safari exploit uncovered at Pwn2Own is still unpatched in Apple’s latest build of iOS.

An official jailbreak has yet to be released for 4.3.1, but the fact that this obvious exploit still exists points to the possibility of a jailbreak solution similar to JailbreakMe. There is no concrete evidence that this bug will be used in a jailbreak tool for iOS 4.3.1…

This specific exploit was present in Safari on the Mac and Mobile Safari for iOS. In the 10.6.7 update for OS X, Apple patched the exploit. In iOS 4.3.1, the bug still exists.

iClarified explains the exploit:

“The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.”

Charlie Miller does point out that this exploit does not mean anything for jailbreaking or unlocking by itself. It would only help with providing a method for a jailbreak solution.

This bug could mean that comex’s next jailbreak tool will work very similarly to the JailbreakMe website. Or it could mean that Apple will push out a 4.3.2 build of iOS to fix the exploit.

What do you think this exploit could mean for jailbreaking? Will we see a web-based tool like JailbreakMe in the near future? Only time will tell.

[iSpazio]

  • Koppis

    “managed to jailbreak iOS 4.3”
    “this exploit does not mean anything for jailbreaking or unlocking by itself”

    Whaaaaaa-
    Now I’m confused.

  • This article is incorrect: it says that Charlie Miller used the exploit he developed for Pwn2Own to jailbreak 4.3. In reality, the exploit allowed him access to a user’s contact list after they surfed to a rigged website; it had absolutely nothing to do with jailbreaking whatsoever.

  • Pete

    Fail!

  • Bigger issue here is that Miller isn’t allowed to reveal the bug per contest rules. So, unless someone gets exceedingly lucky, it’s not going to be used for a jailbreak.

  • Billy

    How come you guys are not covering the newly-found tethered jailbreak for 4.3.1?
    I would think it’d be breaking news for your site.

    http://bit.ly/fNf3gQ

  • Bradibiza

    Numpties

    The aim of the address book is to prove he’s back doored into the phone.

    Do you not think these geeks play World of Warcraft together, and he’d swap the hack for a magic sword?

    • He stands to lose the money he won, plus his job (doubt his employer would like the negative press). He won’t do it.

  • Anonymous

    Helps if you actually read instead of just trying to “create” news

  • William

    This shows how Apple really doesn’t care about security, only about $$$$.

    • Carlos

      Yawn… zzzzzzzzzzzzzzz… whereas Microsoft and Google and every other commercially-connected organisation with products to sell, are up all night long wringing their hands and tearing their hair out, afraid to put out any products unless they are completely secure (no matter how impossible that would actually be)?! Ever hear of consumer choice and satisfied customers? If Apple are getting it so wrong how come they’re actually doing so well? Luck? Or are the people who buy their products just plain stupid?

  • billy

    Wooowww.. My comment is awaiting moderation? Because I posted a tip about news you haven’t posted?? Wooowww that is SO LAMEEEE
    It’s the era of electronic journalism; site visitors, too, can supply tips.

  • Greg

    Fail! 🙂

  • Matthew

    Let’s hope that it can help with jailbreaking. I would love to see the return of JailbreakMe, because I loved the fact that I could jailbreak someone’s iPhone almost anywhere as long as they had an internet connection (I jailbroke my mother’s iPhone 3G while she was saying that “Jailbreaking will brick my phone, I need a computer to do it, and it’s confusing, so I’m not doing it!”).

  • Tom

    So… does that mean Jailbreakers got PWND even though Apple didn’t really do anything……….? -______________-