Did they ever fix the pwn2own SMS hack from March (2010)?

[Schtibbie]

So, back in March (2010), a fully patched NON-jailbroken iPhone was hacked at the pwn2own contest by visiting a website, which crashed Safari and in the process stole the entire SMS database. The news reports indicated that Apple was made aware of the issue, but I never heard that it was patched. Did that get fixed? Or was Apple hoping it would just go away?

They DID fix some vulnerabilities on the Mac shortly thereafter.

 

[wardev]

I recall that apple released an update shortly after the vulnerability was discovered to patch it.

 

[fishmd]

If you are talking about the userland hack, then no. This is what was used for the current Spirit jailbreak I believe. There has been no patch released since 3.1.3 either which came out before that last hack was done.

 

[Schtibbie]

If you are talking about the userland hack, then no. This is what was used for the current Spirit jailbreak I believe. There has been no patch released since 3.1.3 either which came out before that last hack was done.

Yeah, I guess I'm surprised they haven't fixed this. It was made public in March and this is June. And the hack can steal your SMS messages, *other* data you have on the phone, contacts, etc. Kind of a big hole. I spent a good amount of time looking the other day for followups to the story to no avail. So, they patched Mac issues from that pwn2own event (Safari on MacOS issues) but not iPhone.