Safari exploit used to gain control of iPhone at Pwn2Own
A team of Dutch researchers used a WebKit vulnerability in Mobile Safari to gain access to a fully patched iPhone 4S during a recent mobile Pwn2Own challenge. The attack circumvented Apple's code-signing requirements and grabbed the entire address book, photo and video database and web browsing history. It could not download SMS or emails from the device because those databases were not accessible and also encrypted.
Though it was executed against an iPhone 4S with iOS 5, the vulnerability is also present in iOS 6. The Dutch team, led by Joost Pol of Certified Secure and colleague Daan Keuper, tested the exploit in the gold master version of iOS 6. They also confirmed it worked on all previous versions of the iPhone, iPad and iPod touch. Unless an update to iOS 6 happens before launch day, it will also be possible on an iPhone 5.
From detection to completed code, the exploit took about three weeks to develop and refine. You can read more about the exploit and Dutch research team on ZDnet's website.
A team of Dutch researchers used a WebKit vulnerability in Mobile Safari to gain access to a fully patched iPhone 4S during a recent...
Subscribe to Newsletter
Software Updatesmore updates
- Readdle rolls out PDF Expert 5: iCloud support, shared folder with Documents by Readdle
- FlightTrack 5: new look and features just in time for holiday travel
- HBO Go for iOS update adds Google Chromecast support
- Haiku Deck updates iPad app, launches web-based cloud version
- Weather Underground iPhone app gets crowdsourced weather, iOS 7 style
- Apple updates iMovie, adds support for older Macs