iPhone and BlackBerry browsers fall at Pwn2Own switched by Vlad Bobleanta, one day after IE8 and Safari fell prey to keen hackers during Pwn2Own’s first day this year. iPhone and BlackBerry browsers have also been exploited. The former was pawned by Charlie Miller, veteran Pwn2Own winner who developed an exploit that enabled Miller to run random code on the iPhone when you visit a specially-formatted web page. He was able to perform any action of his choice when he was once ‘in’ the iPhone. Both iPhone running iOS 4.2.1 and iOS 4.2 can be controlled. However the latest version of Apple’s mobile operating system can not be controlled with the specific exploit that Miller used.
In the BlackBerry Torch 9800, pawning browser proved because there is no there’s no debugger available for that version of the BlackBerry browser. Pawning requires two information leak bugs; an integer overflow bug and trial and error work for the multinational team of researchers that were ready to do this. Only requirement for the exploit to work was to visit a specially-crafted website. A newer firmware version for the Torch is available with some flaws.
The researchers did not show up to test Android-powered Google Nexus S and a Windows Phone 7 device, though they were also supposed to be tested.
[ VIA : Arstechnica ]