Charlie Miller did it again. The security expert who is famous for exploiting Apple Safari browser for the last 3 years has hacked the iPhone 4 security at the Pwn2Own hacking event. Miller has won the contest for the 4th time one after another.
@dionthegod has tweeted:
@0xcharlie @dancaselden and I won the iPhone PWN2OWN. What a pain in the ass — glad it wasn’t iOS 4.3 (vuln still there, tho) :)
Note that iPhoen 4 device which they hacked into was not running the latest iOS 4.3 final version. Most likely it was the golden master version. But it does not really matter and the exploit was able to work on the final version as well.
ZDNET reports that “the attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book. Miller partnered with colleague Dion Blazakis to successfully exploit the Apple device using a MobileSafari flaw to swipe the iPhone 4?s address book.”
They were rewarded:
- the same iPhone 4 device
- a cash price of $15,000 USD
- A 20,000 ZDI reward points are also given to them making them eligible to qualify for Silver Standing which requires $5,000 USD cash payment.
- 15% monetary bonus on all ZDI submission in 2011
- 25% reward point bonus on all ZDI submissions in 2011
- Paid travel and registration to DEFCON Conference in Las Vegas
We congratulate @dionthegod, @0xcharlie and @dancaselden for getting this success.
You may also like to see:
- Another iPhone 4 Jailbreak Exploit For iOS 4.3 Found
- Microsoft IE8 & Apple Safari Hacked In Pwn2Own Contest, Google Chrome Safe
- Ring/Vibrate Or Copy Anyone’s iPhone AddressBook Etc. Apple Removed Miller’s Developer Account
Stay tuned to VeryRite.com to get more updates from the technology world.