
Apple expected to release iOS 4.3.1 'soon' to patch Safari vulnerability

post #1 of 21
Thread Starter 
On the heels of the release of iOS 4.3, Apple is expected to introduce an incremental update for its mobile devices, including the new iPad 2, to patch a newly discovered security hole in the Safari Web browser.

A vulnerability for the iOS mobile operating system was exposed this week at the Pwn2Own hacking contest by researcher Charlie Miller. As first reported by Redmond Pie, Miller noted on Twitter that he won the iPhone-specific portion of the event with his hack, but also communicated with Apple to share the exploit he used.

"Apple already has the vulnerability information and will patch soon," Miller wrote.

The exploit reportedly takes advantage of a hole in the iOS to bypass Address Space Layout Randomization. ASLR is a new security feature introduced by Apple in iOS 4.3.

The rules of the contest required that Miller and his hacking partner, colleague Dion Blazakis, not release the vulnerability to the public, where a malicious hacker could take advantage of it. Instead, the information has only been shared with Apple.

Miller is a renowned hacker and security expert who has also won the CanSecWest Pwn2Own security conference in the past. In 2009, he discovered a hack that could be sent via text message and would allow a hacker to take remote control of an iPhone. The issue was patched by Apple.

iOS 4.3 was released by Apple on Wednesday, and it will come preinstalled on new iPad 2 units sold starting today. One of its biggest improvements came in the Safari browser, with JavaScript rendering speeds twice as fast as in iOS 4.2, thanks to the Nitro engine ported from Mac OS X.
post #2 of 21
And all iPhone 3G users are from now on using unpatched systems. And the iPhone 3G was sold in US until last summer. I think Apple should really supply security patches for at least a year for its products. An iPhone 3G bought last May is still under the one-year warranty but no longer receives security patches.
post #3 of 21
So basically, a whole 500 mb update for one flaw.
post #4 of 21
Quote:
Originally Posted by ghostface147

So basically, a whole 500 mb update for one flaw.

Yea, that's what I'm thinking too.

I'm not a software expert, so maybe someone can enlighten me. Why is it that OS X can download a 10 MB, 100 MB, etc. patch, but iOS and iOS apps need to completely re-download?
post #5 of 21
Was Miller's the only successful breakthrough? Maybe Apple will collect all of the hacks and do all of the patches before releasing an update. I think it's time for that new security expert Apple hired from the NSA to hand Miller his @$$ with an OS and Safari that Miller can't break through. Hasn't happened yet.
Fortes Fortuna Adiuvat
Reply
post #6 of 21
Quote:
Originally Posted by ghostface147

So basically, a whole 500 mb update for one flaw.

No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.
post #7 of 21
Quote:
Originally Posted by mdriftmeyer

No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.

Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?
Fortes Fortuna Adiuvat
Reply
post #8 of 21
The phone Charlie Miller hacked was running 4.2.1; he stated: “If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work”.

So he didn't bypass ASLR.

Source
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
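What DEP and ASLR mean in practice, as an added example that is not from this thread, from Apple or from Miller: a small C program that parses text in the Linux /proc/<pid>/maps format, flags regions that are both writable and executable (the condition DEP rules out) and compares where a named region lands in two snapshots of the same program (the variation ASLR introduces). The two maps snapshots are constructed samples, /usr/bin/demo and the libc path are placeholders, and iOS exposes no /proc maps file, so the live check at the end runs only on Linux.

```c
#include <stdio.h>
#include <string.h>

/* One parsed line of a Linux /proc/<pid>/maps file. */
struct map_region {
    unsigned long start, end;
    char perms[5];        /* e.g. "r-xp": read, write, execute, private/shared */
    char path[256];       /* backing file or pseudo-path such as [stack]; "" if anonymous */
};

/* Copy the next line of *cursor into buf (without the newline); 0 at end of text. */
static int next_line(const char **cursor, char *buf, size_t bufsz)
{
    const char *p = *cursor;
    if (*p == '\0')
        return 0;
    const char *nl = strchr(p, '\n');
    size_t len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= bufsz)
        len = bufsz - 1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    *cursor = nl ? nl + 1 : p + strlen(p);
    return 1;
}

/* Parse one maps line. Returns 1 on success, 0 if the line is malformed. */
static int parse_maps_line(const char *line, struct map_region *r)
{
    unsigned long offset, inode;
    char dev[16];
    r->path[0] = '\0';
    int n = sscanf(line, "%lx-%lx %4s %lx %15s %lu %255s",
                   &r->start, &r->end, r->perms, &offset, dev, &inode, r->path);
    return n >= 6;   /* the path column is absent for anonymous mappings */
}

/* A region that is both writable and executable is what DEP (W^X) forbids:
 * data written into it can also be run as code. A hardened process has none. */
static int is_writable_executable(const struct map_region *r)
{
    return r->perms[1] == 'w' && r->perms[2] == 'x';
}

/* Count W+X regions in maps-format text; print each one when verbose is set. */
int count_wx_regions(const char *maps_text, int verbose)
{
    char line[512];
    struct map_region r;
    int count = 0;
    const char *cursor = maps_text;
    while (next_line(&cursor, line, sizeof line)) {
        if (parse_maps_line(line, &r) && is_writable_executable(&r)) {
            count++;
            if (verbose)
                printf("W+X region %lx-%lx %s %s\n", r.start, r.end, r.perms, r.path);
        }
    }
    return count;
}

/* Start address of the first region whose path equals name (e.g. "[stack]"), or 0. */
unsigned long find_region_start(const char *maps_text, const char *name)
{
    char line[512];
    struct map_region r;
    const char *cursor = maps_text;
    while (next_line(&cursor, line, sizeof line))
        if (parse_maps_line(line, &r) && strcmp(r.path, name) == 0)
            return r.start;
    return 0;
}

/* 1 when the named region sits at a different address in the two snapshots,
 * which is the observable effect of ASLR on that region. */
int region_is_randomized(const char *maps_a, const char *maps_b, const char *name)
{
    unsigned long a = find_region_start(maps_a, name);
    unsigned long b = find_region_start(maps_b, name);
    return a != 0 && b != 0 && a != b;
}

/* Constructed samples: two snapshots of the same fictional program on separate runs.
 * Heap, library and stack bases differ between runs (ASLR); the fixed 0x400000 text
 * base is how a non-PIE binary looks. Run 1 also has an anonymous rwxp mapping. */
const char *SAMPLE_MAPS_RUN1 =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00652000-00653000 rw-p 00052000 08:01 1234 /usr/bin/demo\n"
    "01a2b000-01a4c000 rw-p 00000000 00:00 0 [heap]\n"
    "7f3c1e000000-7f3c1e021000 rwxp 00000000 00:00 0\n"
    "7f3c1e200000-7f3c1e3c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6\n"
    "7ffd2b1f0000-7ffd2b211000 rw-p 00000000 00:00 0 [stack]\n";

const char *SAMPLE_MAPS_RUN2 =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00652000-00653000 rw-p 00052000 08:01 1234 /usr/bin/demo\n"
    "0217c000-0219d000 rw-p 00000000 00:00 0 [heap]\n"
    "7f91a4400000-7f91a45c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6\n"
    "7ffe0c8a0000-7ffe0c8c1000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    printf("sample run 1: %d W+X region(s)\n", count_wx_regions(SAMPLE_MAPS_RUN1, 1));
    printf("[stack] randomized between runs: %d\n",
           region_is_randomized(SAMPLE_MAPS_RUN1, SAMPLE_MAPS_RUN2, "[stack]"));
    /* On Linux, inspect this process too: run the binary twice and compare the bases. */
    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        static char buf[1 << 16];
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        printf("this process: %d W+X region(s), [stack] at %lx\n",
               count_wx_regions(buf, 1), find_region_start(buf, "[stack]"));
    }
    return 0;
}
```

Run the binary twice on a Linux box: the [stack], [heap] and libc bases move while the non-PIE text base stays put, which is why an exploit that depends on fixed addresses stops working once ASLR is on, and a zero W+X count is the DEP side of the same story.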
post #9 of 21
Quote:
Originally Posted by Brian Green

Aren't they working with WebKit2 now? I haven't done the nightly downloads in a while, so I'm sort of out of the loop. Seems to me that Apple could do more, yet isn't. Who is that NSA guy anyway? Has he actually started work?

WebKit Nightly isn't WebKit2 enabled. You still have to build that along with WebGL and other features. A ton of work has gone into WebKit 2 as it's nearing a point of release as the replacement to WebKit.

Latest WebKit Nightly is build r80833.

WebKit2 is enabled in OS X 10.7 Lion developer previews.

I'm betting on them calling it Safari 6 for OS X and probably Safari 6 Mobile for iOS 5.

They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.
post #10 of 21
Quote:
Originally Posted by mdriftmeyer

They better have WebKit2 enabled in Leopard and Snow Leopard as there is no reason for them not to do so. None of the technologies are Lion specific.

Couldn't the same thing be said about 64-bit Safari in Snow Leopard which could have probably made it to Leopard or even Tiger?
post #11 of 21
Quote:
Originally Posted by hill60

The phone Charlie Miller hacked was running 4.2.1; he stated: “If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work”.

So he didn't bypass ASLR.

Source

Good to know. By the time someone figures out how to bypass ASLR, this vulnerability will likely be patched.
post #12 of 21
Quote:
Originally Posted by hill60

The phone Charlie Miller hacked was running 4.2.1; he stated: “If you update your iPhone today, the MobileSafari vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work”.

So he didn't bypass ASLR.

Source

Not so good for Verizon customers who are still stuck on 4.2.6 at the moment and do not have ASLR. Although, until mobilesubstrate works for jailbroken phones on 4.3, I may not want to upgrade anyway.
Video editor, tech enthusiast, developer.

http://www.yuusharo.com
http://www.studioyuu.com
Reply
post #13 of 21
Hmm, do I smell another tethered jailbreak for iOS 4.3?
post #14 of 21
Quote:
Originally Posted by yuusharo

Not so good for Verizon customers who are still stuck on 4.2.6 at the moment and do not have ASLR. Although, until mobilesubstrate works for jailbroken phones on 4.3, I may not want to upgrade anyway.

Isn't ASLR what's holding mobilesubstrate up? Which means mobilesubstrate compatibility will be achieved at the same time everyone's vulnerable again because ASLR has been cracked.
post #15 of 21
Quote:
Originally Posted by ltcommander.data

Isn't ASLR what's holding mobilesubstrate up? Which means mobilesubstrate compatibility will be achieved at the same time everyone's vulnerable again because ASLR has been cracked.

Apart from ASLR not being cracked that is, if you'd like to refer to my earlier post.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #16 of 21
Quote:
Originally Posted by noirdesir

And all iPhone 3G users are from now on using unpatched systems. And the iPhone 3G was sold in US until last summer. I think Apple should really supply security patches for at least a year for its products. An iPhone 3G bought last May is still under the one-year warranty but no longer receives security patches.

If there is a security patch required for it, then it will receive one: there will be an incremental update to the current operating system provided for that device. This is standard Apple practice. There was an upgrade to 10.5 after 10.6 was launched in order to do just this.
post #17 of 21
Quote:
Originally Posted by libertyforall

Hmm, do I smell another tethered jailbreak for iOS 4.3?

iOS 4.3 is already broken, untethered
post #18 of 21
Why don't Apple make this guy an offer he cannot refuse and make him an Apple employee continually checking the security,..?
post #19 of 21
Quote:
Originally Posted by mdriftmeyer

No. There will be more than just that. The Safari they updated to is nowhere near the current WebKit Nightly.

They can't patch the phone without patching the firmware, that way, if you ever have to reset it, the update sticks. You also can't edit a read only file system.
post #20 of 21
Quote:
Originally Posted by Scafe2

Why don't Apple make this guy an offer he cannot refuse and make him an Apple employee continually checking the security,..?

Apple already has very good security experts, like Ivan Krstic. Miller isn't necessary; remember, iOS 4.3 isn't cracked. Being a good hacker isn't the same as being a good designer of secure systems.
Note that the hacks of Miller don't lead to viruses. The exploits are prepared several months before the contest and are probably based on known bugs in the open source parts of the code (say WebKit).
The fact that iOS devices are updated on a regular basis, and the difficult and time-consuming process of finding exploitable bugs, keeps iOS (and Mac OS X) virus free.
It's the open source community and Apple experts that keep it this way; this is very different for Windows with only 'closed' code.

Sloppy report of Appleinsider by the way.

J.
post #21 of 21
Quote:
Originally Posted by acslater017

Yea, that's what I'm thinking too.

I'm not a software expert, so maybe someone can enlighten me. Why is it that OS X can download a 10 MB, 100 MB, etc. patch, but iOS and iOS apps need to completely re-download?

If I remember rightly (not in a place with ubiquitous wi-fi atm), the iPhone's storage is divided in two: one part mounted at the root of the file system, and the 8 GB / 16 GB / whatever mounted under a folder for your apps and music. When it's time to update the phone, basically the phone gets put into recovery mode and the new firmware image is written to OS storage. When the phone reboots, it's then running the new firmware. This offers a higher degree of reliability (which is a good thing; you don't want the upgrade to brick your phone), but the penalty is that you have to download a large binary file every time you upgrade.