Apple Fixes Pwn2Own Bug in Mac OS X 10.6.7, iOS 4.3.1 Expected Soon

Rumor has it Apple will release iOS 4.3.1 in the next few weeks to close security holes, including the one in Safari mobile Web browser that allowed Charlie Miller to crack the iPhone during the recent Pwn2Own hacking contest.

At the same time the rumor made the rounds, Apple released OS X 10.6.7, which fixed another Safari vulnerability Miller had found for the Safari browser, but had not gotten a chance to demonstrate at the contest.

“OS X 10.6.7 is out, fixes our pwn2own bug, but bug is still in latest iOS for a while longer, nice patch coordination,” Miller wrote on Twitter on March 21.

This update is especially important for owners of the new MacBook Pro systems because it fixes the graphics bug that caused hangs and crashes under heavy graphics load, Apple said. This update “improves graphics stability and external display compatibility” in the new systems, Apple said.

Accessible on Software Update, OS X 10.6.7 is available for both the client and server versions of the operating system and as either delta or “combo” updaters, Apple said. It also addresses the numerous security flaws with built-in services, system utilities and core details such as the kernel and filesystem handling. Left unpatched, attackers would have been able to access restricted files, remotely execute code, or change system configuration, Apple said. The update also fixed “Back to My Mac” remote connectivity technology’s reliability issues and fixed bugs in Windows file sharing Samba.

The minor update for the iPhone and iPad’s operating system will arrive in one or two weeks, according to Boy Genius Report, a site that focuses on communications and consumer electronics, on March 21. The update will contain “minor bug fixes,” as well address Miller’s Safari mobile Web browser flaw and the iPad2’s jailbreak vulnerability, BGR said.

Charlie Miller and Dion Blazakis, researchers from Baltimore-based Independent Security Evaluators, exploited Apple’s Safari mobile browser on an iPhone with a drive-by-exploit at CanSecWest’s Pwn2Own hacking contest on March 10. The hacked phone had iOS 4.2.1, but Miller had said the flaw still existed in iOS 4.3, which had been released just the day before.

Under contest rules, HP TippingPoint, the contest’s sponsor, shared the details of the exploit with Apple, and it is reportedly fixed in 4.3.1.

Apple is also moving quickly to address jailbreak issues. Three days after the iPad 2 was released, developer “Comex” announced on Twitter that he had jailbroken the device remotely and loaded Cydia, an application that allows users to find and download jailbroken apps for iOS devices. The 4.3.1 update will close the new tablet’s jailbreak flaw, BGR reported.

Along with Baseband updates for the iPhone 3GS and the iPad, this new release will also fix the bug with memory hanging and being corrupted when reading large files from the USIM filesystem, the NTLM authentication problems in apps and on Web sites, and the issue of Springboard and third-party apps not recognizing the gyroscope on the iPad2, BGR said.

BGR’s wireless carrier sources have been fairly accurate in forecasting iOS updates in the past. The site was only off by a day when it predicted the iOS 4.3’s early release earlier this month.

The exact date remains unclear, and BGR’s sources did not know whether the update will be made for Verizon customers as well. Verizon’s customers are still on iOS 4.2.