Stefan Esser’s untethered iOS 4.3 jailbreak may not be coming as soon as we thought after all. The hacker mentioned that his kernel exploit is “dependent” and will work, if and only if someone identifies a new bootrom exploit or a tethered jailbreak on iOS 4.3 using the existing limera1n exploit.
Since there is no public bootrom exploit for the iPad 2 at the moment, Stefan’s exploit will not currently work. All other devices such as the first generation iPad, iPhone 4, 3GS, iPod Touch 3G, and 4G can still utilize the limera1n exploit along with the yet to be discovered iOS 4.3 exploit. Most More >
You guys probably remember the untethered jailbreak demo that we posted about last night. It looks like the hacker behind the exploit is going to save it up until Apple releases iOS 4.3.1 as to preserve the exploit from being patched.
i0n1c: With Apple already baking 4.3.1 the first one releasing an iOS 4.3 jailbreak will pretty much burn the exploit
i0n1c: Well Apple should release 4.3.1 very soon, because tomorrow everybody knows that @0xcharlie popped an iPhone 4 at #pwn2own through Safari.
Charlie Miller, known for exploiting the Safari browser for the past 3 years has managed to rip apart iPhone 4 security today at the Pwn2Own 2011 hacking contest at Vancouver. This is Miller’s forth consecutive win at the Pwn2Own contests.
All the attack required was for the target iPhone to surf to a rigged website. On his first attempt at the drive-by exploit, the iphone browser crashed but once it was relaunched, Miller managed to hijack the entire address book. He partnered with colleague Dion Blazakis to successfully exploit the Apple device using a MobileSafari flaw to swipe the iPhone More >
Apple’s Safari browser has once again been compromised, this time by VUPEN co-founder Chaouki Bekrar in today’s Pwn2Own hacker contest. The vulnerability was demoed on a MacBook which was running a fully patched version of Mac OS X (64-bit) where he was able to launch a calculator on the compromised machine. According to Bekrar, the vulnerability was discovered in WebKit, the open-source browser rendering engine using fuzzers. The team took around two weeks to identify the vulnerability and coding a working exploit for it. Bekrar and his team ended up winning a $15,000 cash prize and an More >