For the most part, Apple’s iOS software and hardware have been very safe and hard for hackers to take advantage of, but two hackers in the Pwn2Own contest, Joost Pol and Daan Keuper, were able to find a vulnerability in WebKit. This vulnerability let them hijack photos, videos, address book contacts, and browsing history from the phone. The two earned a $30,000 cash prize for this.
Once the two found the vulnerability, Joost and Daan spent about three weeks writing an exploit to hack the iPhone 4S. The exploit works in all versions of iOS, from the first release all the way to iOS 6.
The exploit itself took some jumping around. The WebKit bug was not itself a use-after-free flaw, so the researchers had to use it to trigger a use-after-free scenario and then abuse that to trigger a memory overwrite. Once that was achieved, Pol and Keuper used the memory overwrite to create a read/write gadget, which provided a means to read from and write to the iPhone's memory. “Once we got that, we created a new function to run in a loop and used JIT to execute the code without signing,” Keuper explained.
While the team of two could use this hack in a harmful manner, they have already deleted all instances of it from their computers. Hopefully no hacker finds a similar hack and executes it maliciously.