Charlie Miller, known for exploiting the Safari browser for the past 3 years has managed to rip apart iPhone 4 security today at the Pwn2Own 2011 hacking contest at Vancouver. This is Miller’s forth consecutive win at the Pwn2Own contests. All the attack required was for the target iPhone to surf to a rigged website. On his first attempt at the drive-by exploit, the iphone browser crashed but once it was relaunched, Miller managed to hijack the entire address book. He partnered with colleague Dion Blazakis to successfully exploit the Apple device using a MobileSafari flaw to swipe the iPhone 4?s address book. After winning, Dion tweeted the following: @0xcharlie @dancaselden and I won the iPhone PWN2OWN. What a pain in the ass — glad it wasn’t iOS 4.3 (vuln still there, tho) Something interesting to note is that the iPhone 4 test device was not running the final iOS 4.3 build (most likely it was GM). But even though it was iOS 4.3, it was exploitable as the vulnerability still exists. After winning and earning $15,000 USD, the device itself, and 20,000 ZDI reward points which immediately qualified them for Silver standing. The Silver standing included a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011, and paid travel and registration to attend the DEFCON Conference in Las Vegas. It’s nice to see people winning at the Pwn20wn contests as it ends up helping every party in one way or another. What do you think of the news? Let us know in the comments below! As usual, stay tuned for more tech news and info by following us on Twitter and/or subscribing to our RSS feed. [Source: ZDNet] Authors:

to know more click here