The iOS 4.3.1 update released yesterday does not fix the Pwn2Own exploit discovered by Charlie Miller.
4.3.1 does not fix the pwn2own bug. It’s weird they fixed it in the next os x update after the contest, but not the next update.
More time for the bad guys to get their bindiff->exploit workflow going.
The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.
It’s unclear whydidn’t fix the widely publicized exploit.