Charlie Miller has once again won the Pwn2Owncontest by successfully hacking iPhone 4 using an exploit found in Mobile Safari to swipe the address book of the compromised iPhone.
The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.
The interesting thing though is that iPhone 4 running on the recently released iOS 4.3 is safe from this vulnerability, sort of. This is because ofASLR (Address Space Layout Randomization) which Apple has implement in the latest version of iOS. However the exploit exists in iOS 4.3 and will need ASLR to be bypassed (which is much harder to do) in order to inject any code. iOS devices running iOS 4.2.1, and below are vulnerable to this exploit.