Latest in Iphone

Image credit:

Safari exploit used to gain control of iPhone at Pwn2Own

Kelly Hodgkins, @kellyhodgkins
September 20, 2012
Share
Tweet
Share

Sponsored Links

A team of Dutch researchers used a WebKit vulnerability in Mobile Safari to gain access to a fully patched iPhone 4S during a recent mobile Pwn2Own challenge. The attack circumvented Apple's code-signing requirements and grabbed the entire address book, photo and video database and web browsing history. It could not download SMS or emails from the device because those databases were not accessible and also encrypted.

Though it was executed against an iPhone 4S with iOS 5, the vulnerability is also present in iOS 6. The Dutch team, led by Joost Pol of Certified Secure and colleague Daan Keuper, tested the exploit in the gold master version of iOS 6. They also confirmed it worked on all previous versions of the iPhone, iPad and iPod touch. Unless an update to iOS 6 happens before launch day, it will also be possible on an iPhone 5.

From detection to completed code, the exploit took about three weeks to develop and refine. You can read more about the exploit and Dutch research team on ZDnet's website.

In this article: iPhone, iPhone 4S, Iphone4s, Pwn2Own, Safari
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

NASA works to secure the OSIRIS-REx asteroid sample

NASA works to secure the OSIRIS-REx asteroid sample

View
The Morning After: Amazon Echo (2020) review

The Morning After: Amazon Echo (2020) review

View
What we bought: Our favorite USB-C chargers

What we bought: Our favorite USB-C chargers

View
Custom PS5 covers are already a thing

Custom PS5 covers are already a thing

View
A massive spam attack is ruining public 'Among Us' games

A massive spam attack is ruining public 'Among Us' games

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr