Did they ever fix the pwn2own SMS hack from March (2010)?

Discussion in 'iPhone' started by Schtibbie, Jun 5, 2010.

  1. Schtibbie macrumors 6502

    Joined:
    Jan 13, 2007
    #1
    So, back in March (2010), a fully patched NON-jailbroken iPhone was hacked at the pwn2own contest by visiting a website, which crashed Safari and in the process stole the entire SMS database. The news reports indicated that Apple was made aware of the issue, but I never heard that it was patched. Did that get fixed? Or was Apple hoping it would just go away?

    They DID fix some vulnerabilities on the Mac shortly thereafter.
     
  2. wardev macrumors regular

    Joined:
    Jul 28, 2008
    #2
    I recall that apple released an update shortly after the vulnerability was discovered to patch it.
     
  3. fishmd macrumors 68000

    fishmd

    Joined:
    Jun 18, 2008
    Location:
    Sunny South Florida
    #3
    If you are talking about the userland hack, then no. This is what was used for the current Spirit jailbreak I believe. There has been no patch released since 3.1.3 either which came out before that last hack was done.
     
  4. Schtibbie thread starter macrumors 6502

    Joined:
    Jan 13, 2007
    #4
    Yeah, I guess I'm surprised they haven't fixed this. It was made public in March and this is June. And the hack can steal your SMS messages, *other* data you have on the phone, contacts, etc. Kind of a big hole. I spent a good amount of time looking the other day for followups to the story to no avail. So, they patched Mac issues from that pwn2own event (Safari on MacOS issues) but not iPhone.
     

Share This Page