Wednesday, March 9, 2011

Charlie Miller Discovered New iPhone 4 Jailbreak Exploit

Security researcher Charlie Miller, known for pwning Safari browser for the last 3 years atpwn2Own hacking contest, is all set to demonstrate a new exploit for jailbreaking iPhone 4 (should be in iOS 4.3 GM) with team member Dion Blazakis.
Few hours back Charlie Miller confirmed to have discovered a new jailbreak
exploit which will be demoed in pwn2Own contest tomorrow. He later tweeted that the exploit is not fully baked and is not working on all test devices. However, both Dion and Charlie are hard at work to make it work.
Finished up a not-so-reliable, but workable iPhone exploit with @dionthegod today. Off to cansecwest now.
Oh, I take it back, iPhone exploit isn’t working on another test phone we found :(Work continues. No sleep for @dionthegod tonight.
The series of tweet listed below suggest that Charlie wouldn’t mind sharing exploit with iPhone Dev Team, once it is fully baked.
n00neimp0rtant @0xcharlie well if you can get exploit the vuln for jb…would you share with @iPhone_dev?
@n00neimp0rtant well I can’t get the exploit to work yet, so it’s a bit premature.
@0xcharlie Why are you doing pwn2own instead of releasing it? If you’re doing it for the money, wouldn’t you get more from the jailbreak?
@Omega you don’t make any money from jailbreaking. This would only be half a jailbreak exploit anyway. Via Twitter 12
The company installs the latest OS on the devices, to be presented to hackers in the contest. Most likely it should be iOS 4.3 GM on iPhone 4 test model.
[Update 1:] Dion Blazakis just tweeted to share the latest development about theJailbreak exploit:
Much like Sex Panther cologne, 60% of the time, this exploit works everytime! But I hear everytime a beer is downed, an exploit gets it’s PC