Two Dutch researchers successfully hacked a patched iPhone 4S, exploit a vulnerability also likely present in the new iPhone 5 due to be released tomorrow.
Joost Pol and Daan Keuper won the mobile Pwn2Own contest yesterday at EUSecWest event in Amsterdam by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.
The pair was able to build an exploit for a vulnerability in WebKit to beat Apple's code-signing features and the MobileSafari sandbox. The same bug is present in the iOS6 Golden Master development code base, meaning iPhone 5 is vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable, Pol and Keuper said, adding that it took them three weeks find the flaw and write an exploit.
Read more, a MUST:
Via Gust MEES