On the second day of the pwn2own competition in Vancouver B.C., Canada – hacker Charlie Miller aka @0xcharlie hacked the iPhone 4 through an exploit in iOS 4.2.1.
@0xcharlie was the same hacker who managed to steal contacts from the iPhone’s phone book through a bug in Safari. He bypassed the iPhone’s DEP (Data Execution Prevention) to gain access to a users contacts, but only after the Safari browser crashed once.
The iPhone 4 was running iOS 4.2.1, but @0xcharlie said the exploit is also present in iOS 4.3. Apple has added ASLR (Address Space Layout Randomization) to the latest firmware update, which makes the firmware a bit more complicated to hack. It was not mentioned what kind of harm does the exploit bring.
Apple has received the exploit information so that means they may release iOS 4.3.1 anytime soon.