Sorry Sword, remember "jailbreakme.com"? That was an ACE exploit used to JAILBREAK the iPhone. Meaning that malformed PDF actually ROOTED the phone, just by trying to open it. Bone-stock iOS install completely compromised by an ACE.
You're wrong here. That was PROOF POSITIVE that an ACE exploit could completely root iOS without anything more than just visiting a website. It was bone-stock Apple code on bone-stock iOS that was compromised.
Sorry, you're wrong. Now the question is: will you admit it?
It used to be Apple cannot be hacked, now its Apple doesn;t use Adobe. There have been multiple notifications of high risk vulnerabilities from Apple over the last few months.
Many have included the warning of arbitrary code execution. To be fair though it took Microsoft a long time to accept their responsibility and handle security vulnerabilities properly.
It takes more than hype to build and sustain a company. Sooner or later the shine wears off and people move to the next fad.
Puget, First of all, as I stated in the previous post, iOS devices do not have Non-Execute stacks and ARE vulnerable to data buffer overflow exploits. And yes, the iPhone was being ROOTED by a visit to a website and the downloading of a PDF file.
However, that vulnerability was closed with iOS 4.0.2 and iOS 3.2.2 four weeks ago... so talk about something up-to-date... and relevant to today. And even more so with the release of iOS 4.1
So, no, Puget, I am not wrong. This particular Adobe PDF vulnerability and FLASH flaw is NOT impacting iOS devices and no exploits are being reported. This flaw is in the Adobe READER and the Adobe Flash Player... not in the Apple written reader built into the iPhone, iPod, and iPad that was exploited in the Jailbreakme.com exploit... that vulnerability is gone. This is a totally different vulnerability and it simply DOES NOT EXIST on these devices because, Puget, these applications DO NOT EXIST for iOS. Can I make it any easier for you to understand than that? Whether there might be more buffer overflow vulnerabilities is not in question here... there may be. What is in question is DOES THIS VULNERABILITY, discovered last week, impact these devices. The answer is NO, it does not.
So you are wrong. Now the question is: Will you admit it?