New iPhone Exploit To Be Announced At Black Hat Security Conference
Charlie Miller, also known by some in the security community as “Safari Charlie” for his Safari exploits at the Pwn2Own hacking contest, has announced that he and Vincenzo Lozzo, a student at the University of Milan, have recently discovered a new exploit to trick the iPhone into running unsigned code, and will be revealing their findings at the Black Hat Security Conference in Las Vegas.
“The iPhone has lots of defenses,” Miller told Ars Technica, “including application sandboxes, memory protections, and lack of a shell.” The “memory protections” differentiate between data and code, and prevent areas marked as data from being executed as code.
“What I discovered was a way to get around that memory protection,” Miller explained. “Basically you’re able to have your data interpreted as code. That code could then modify the processor to load and run unsigned library.”
“In our case, we have processor load an unsigned library that amounts to a complete shell environment,” he added. At that point, a hacker would be able to do whatever they wanted to do with the device, including read any file or download more code.
Fortunately for us bystanders, the exploit itself is still useless without an exploit to load code as data and trick the iPhone into executing it in time. “By itself, it’s useless,” Miller said. “You still need to get control of the processor.”
Still, now that this exploit exists, other hackers will likely be trying to find ways to do just that.
[via Ars Technica]