Gradly
  • About Me
  • Portfolio
  • My Blog
  • Contact Me

  • Untethered Jailbreak To Be Postponed Until Apple Releases iOS 4.3.1

    March 12, 2011 // Gradly // Apple, blog, Jailbreak, News, Rants & Raves, Rumors Tags: Apple, blog, Charlie Miller, Exploit, iOS 4.3, iPhone, iPhone 4, Jailbreak, Pwn2Own, Pwned, Safari No Responses

    After the successful iOS 4.3 Untethered Jailbreak (video below), the hacker behind the exploit seemingly will hold his jailbreak until Apple releases iOS 4.3.1.

    With Apple already baking 4.3.1 the first one releasing an iOS 4.3 jailbreak will pretty much burn the exploit 😛

    Well Apple should release 4.3.1 very soon, because tomorrow everybody knows that @0xcharlie popped an iPhone 4 at #pwn2own through Safari.

    The hacker expected that Apple will release iOS 4.3.1 specially after the hackers (at Pwn2Own contest) has successfully hacked iPhone 4 via vulnerability which found in Mobile Safari running iOS 4.2.1.

    [Tweets [1], [2]]

  • Charlie Miller Wins Again by Hacking into iPhone 4

    March 11, 2011 // Gradly // Apple, blog, Funny, Jailbreak, News, Rants & Raves Tags: Apple, blog, Charlie Miller, Exploit, iPhone, iPhone 4, Pwn2Own, Pwned, Safari 1 Response

    After The French security firm Vupen hacked Safari in just a few seconds here comes a new winning story but this time hacking into iPhone 4.

    Charlie Miller kept his Pwn2Own winning streak intact with another successful hack of an Apple product. This time by successfully hacking into iPhone 4 using an exploit found in Mobile Safari to swipe the address book of the compromised iPhone.

     

    The attack simply required that the target iPhone surfs to a rigged web site.  On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.

    Miller said the attack works perfectly against an iPhone running iOS 4.2.1 but will fail against the newest iOS 4.3 update. Apple has quietly added ASLR (address space layout randomization) to iOS 4.3, a key mitigation that puts up an extra roadblock for hackers.

    In an interview with ZDNet, Miller said:

    If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.

    As of 4.3, because of the new ASLR, it will be much harder.