14 comments

[ 2.8 ms ] story [ 36.0 ms ] thread
It affects the iPhone 5, which is coming out tomorrow, not to mention all the other iDevices that can run iOS 6. I'm sure Apple will have it patched soon enough.
They'll patch it for iOS 6. Anyone else is on their own.
For a browser to be hacked days before it is even released on large scale speaks of Apple's security practices.
Since this works on iOS 5 and older hardware it's reasonable to believe the flaw has been around for some time.
the iOS 6 GM has been seeded for some time.
Not only that but we don't know how long the security hole has been there for. I've been running iOS 6 for months now, wouldn't be surprised if these guys did the same thing in preparation.
? What does the size of the deployment have to do with being able to find a bug? It's not like they went searching through millions of slightly different copies of safari to find the broken one.
"We really wanted to see how much time it would take a motivated attacker to do a clean attack against your iPhone. For me, that was the motivation. The easy part was finding the WebKit zero-day."

If finding the exploit was the easy part I'm curious what the hard part was.

Also, Apple should be incentivizing and supporting hackers more directly. It shouldn't have to take a (thankfully) white-hat hacker conference to get bugs like this fixed.

Probably defeating code signing and sandboxing
Wonderful. So, now owners of the iPhone 4 and 4s will have two options:

1) Upgrade to a newer version of iOS to patch the exploit, and suffer a major functionality regression with regard to maps.

2) Not upgrade and risk having all the personal information on the phone stolen by a malicious website.

There's no middle ground? I assume that Opera wouldn't be vulnerable? What about the browsers that wrap UIWebView like Chrome?
Well... maybe I'm being too hyperbolic. But, I am under the impression that Safari is still the default handler for http things. So, links from the mail app or maps will open in Safari. I don't think it's that outrageous to suggest that malicious links have ever been sent via email.

We can all sit here on HN and say that you shouldn't just go around clicking on everything that arrives in your inbox, but phishing is still something that banks deal with.

What about original IPad owners who can't upgrade to IOS6.
I wonder if this exploit can be used to jailbreak Iphone 5, untethered at least.. some previous, user-friendly online jailbreaks used .pdf vulnerabilities in Safari, but I am not sure if they used it with a combination of another privelege escalation exploit..