Friday, March 26, 2010

iPhone Security: SMS Database Owned in Seconds

The exploit, which was demonstrated at Pwn2Own contest at CanSecWest and targets a non-root user named "mobile" is able to access SMS data, including previously deleted messages according to ZDNet. The exploit relies on a chained return-into-libc, a reasonably common buffer overflow attack.

The data that could be stolen by attacking Safari includes the phone contact list, the email database, photographs and iTunes music files.

Apple is sure to release a patch soon, but the underlying issue with code signing and stack protection is likely to remain. The important question is whether Apple will fix their approach to stack protection and will futher lock down the access provided to their browser user.