Pwn2Own: iOS vulnerability reveals user data

Pwn2Own: iOS vulnerability reveals user data.

Pwn2Own WebKitDuring this year’s Mobile Pwn2Own hacking competition, two Dutch security researchers managed to access user data saved on an iPhone 4S. According to a report from the IDG News Service, calling up a manipulated web site with iOS 5.1.1 was all that was needed to introduce malicious code that then sent any pictures, videos, address book data and browsing history saved on the device to the attackers’ server.

The report says that the security vulnerability that was used for the attack, which is in the WebKit browser engine used by the mobile version of Safari, can also be exploited for other iOS devices; the security researchers say that this has not yet been fixed as of the golden master version (Build 10A403) of iOS 6, which Apple released Wednesday evening. The two researchers told ZDNet that they developed the exploit in their free time over the course of three weeks and were awarded with a $30,000 prize as part of the Pwn2Own contest.

Details of the vulnerability were apparently only shared with the competition organiser, the TippingPoint’s Zero Day Initiative, which plans to pass the exploit on to Apple.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s