Apple Fixes Pwn2Own Bug in Mac OS X

Latest Mac OS X 10.6.7 flaws get patched, with iOS 4.3.1 fix rumoured to be coming soon

Rumour has it Apple will release iOS 4.3.1 in the next few weeks to close security holes, including the one in Safari mobile Web browser that allowed Charlie Miller to crack the iPhone during the recent Pwn2Own hacking contest.

At the same time the rumour made the rounds, Apple released OS X 10.6.7, which fixed another Safari vulnerability Miller had found for the Safari browser, but had not demonstrated at the contest.

“OS X 10.6.7 is out, fixes our Pwn2Own bug, but bug is still in latest iOS for a while longer, nice patch coordination,” Miller wrote on Twitter on late yesterday.

This update is especially important for owners of the new MacBook Pro systems because it fixes the graphics bug that caused hangs and crashes under heavy graphics load, Apple said. This update “improves graphics stability and external display compatibility” in the new systems, added the firm.

Tackling latest OS flaws

Accessible on Software Update, OS X 10.6.7 is available for both the client and server versions of the operating system (OS) and as either delta or “combo” updaters, Apple said. It also addresses the numerous security flaws with built-in services, system utilities and core details such as the kernel and filesystem handling. Left unpatched, attackers would have been able to access restricted files, remotely execute code, or change system configuration, Apple said. The update also fixed “Back to My Mac” remote connectivity technology’s reliability issues and fixed bugs in Windows file sharing Samba.

The minor update for the iPhone and iPad’s operating system will arrive in one or two weeks, according to Boy Genius Report, a site that focuses on communications and consumer electronics, yesterday. The update will contain “minor bug fixes,” as well address Miller’s Safari mobile Web browser flaw and the iPad2’s jailbreak vulnerability, the site said.

Charlie Miller and Dion Blazakis, researchers from Baltimore-based Independent Security Evaluators, exploited Apple’s Safari mobile browser on an iPhone with a drive-by-exploit at CanSecWest’s Pwn2Own hacking contest on 10 March. The hacked phone was running iOS 4.2.1, but Miller had said the flaw still existed in iOS 4.3, which had been released just the day before.

Under contest rules, HP TippingPoint, the contest’s sponsor, shared the details of the exploit with Apple, and it is reportedly fixed in 4.3.1.

Closing down jailbreak ploys

Apple is also moving quickly to address jailbreak issues. Three days after the iPad 2 was released, developer “Comex” announced on Twitter that he had jailbroken the device remotely and loaded Cydia, an application that allows users to find and download jailbroken apps for iOS devices. The 4.3.1 update will close the new tablet’s jailbreak flaw, BGR reported.

Along with Baseband updates for the iPhone 3GS and the iPad, this new release will also fix the bug with memory hanging and being corrupted when reading large files from the USIM filesystem, the NTLM authentication problems in apps and on websites (associated with the challenge-and-response protocol for logging onto Microsoft accounts), and the issue of Springboard and third-party apps not recognising the gyroscope on the iPad2, BGR said.

BGR’s wireless carrier sources have been fairly accurate in forecasting iOS updates in the past. The site was only off by a day when it predicted the iOS 4.3’s early release earlier this month, although the exact release date for the iOS fix remains unclear.