On the second day of the Pwn2Own competition, experts managed to topple the iPhone 4 and a BlackBerry. However, iOS 4.3 already prevents this attack. Charlie Miller, already known for having penetrated the iPhone 2G and 3G, took advantage of a security flaw in the system to access data on the device and take control of it.
iOS 4.3 does not fix the flaw, but adds an extra layer of protection that blocks the attack, which went through Safari and required setting up a malicious site. Indeed, the latest update brings ASLR, or address space layout randomization. Specifically, data is placed at random locations in the virtual memory address space.
It is therefore impossible to exploit the flaw the way Mr. Miller did on iOS 4.2.1. ASLR is not a foolproof solution, however: it is present in Mac OS X and was bypassed yesterday (see "Safari and IE Pwn2Own fall"). The BlackBerry also fell, because of a flaw in WebKit, the web page rendering engine that the company recently decided to use.
The experts were able to steal the device's address book and the images stored in its memory. They also wrote to the device. To achieve this, they created a website that could circumvent the protections in place and execute malicious code. The fact that the OS supports neither ASLR nor DEP (Data Execution Prevention), which is supposed to prevent code execution from memory blocks containing data, made the researchers' work easier.
The absence of such technology was also strongly criticized.
- Internet Explorer and Safari first to fall at Pwn2Own 2011, Chrome and Firefox still standing (10/03/2011)
- Geohot to hack Windows Phone 7 at Pwn2Own (04/03/2011)
- Pwn2Own 2011: On cue, Apple drops massive Safari, iOS patches (09/03/2011)
- Chrome Owns Pwn2Own, Google's $20K Safe (10/03/2011)
- Google's Chrome Untouched at Pwn2Own Hack Event (10/03/2011)