or Connect
AppleInsider › Forums › Mobile › iPhone › Software fix coming for iOS vulnerabilities
New Posts  All Forums:Forum Nav:

Software fix coming for iOS vulnerabilities

post #1 of 31
Thread Starter 
Apple confirmed Wednesday that it has developed a fix for the two security vulnerabilities that allow jailbreaking of their iOS software.

An Apple spokeswoman said in a statement, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update." No release date was given for the update.

Previously, Apple had announced it was "investigating" the issue.

iPhone Dev Team hacker "comex" was the first to exploit the security flaws, allowing users to jailbreak their iOS devices. Early users of the browser-based jailbreak exploit reported problems with FaceTime and MMS services, but the issues were quickly addressed by the iPhone Dev Team.

The vulnerabilities have attracted significant attention this week. Several security firms have issued notices labeling the vulnerabilities "critical." A German government agency warned users Wednesday to avoid opening PDF files on their devices until a software fix is released.

This isn't the first time the German government has expressed concern over security on the iPhone 4 and iOS. In June, a German official asked for clarification on Apple's use of personal data collected from German iPhone 4 users, as reported by The New York Times. Sabine Leutheusser-Schnarrenberger, the justice minister for Germany, requested information from Apple outlining the kind of data collected and the reason for its collection.
post #2 of 31
Saw that coming. How many potential jailbreaker's are going to update though (until 4.1 iff it has compelling reasons)?
post #3 of 31
How about posting a fix for breaking the car stereo integration???

My 3GS worked flawlessly with my car stereo until iOS 4 upgrade...tried every possible forum thread fix that has been suggested...NOTHING works. Opened a BugDev report and sent in logs so hopefully they fix it but it has been taking forever. Until then, I just use other audio in my vehicle that is non-Apple.
post #4 of 31
Quote:
Originally Posted by blur35mm View Post

How about posting a fix for breaking the car stereo integration???

My 3GS worked flawlessly with my car stereo until iOS 4 upgrade...tried every possible forum thread fix that has been suggested...NOTHING works. Opened a BugDev report and sent in logs so hopefully they fix it but it has been taking forever. Until then, I just use other audio in my vehicle that is non-Apple.

what about downgrading to 3.x
I APPLE THEREFORE I AM
Reply
I APPLE THEREFORE I AM
Reply
post #5 of 31
Quote:
Originally Posted by NOFEER View Post

what about downgrading to 3.x


Yep, let's go backwards so things work...
post #6 of 31
Quote:
Originally Posted by NOFEER View Post

what about downgrading to 3.x

Or just not go to the site set up to jailbreak your phone?

Or, having gone to that site, don't tell the site that it's OK to jailbreak your phone?
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #7 of 31
One fix at a time Apple.... One... Fix... At... A... Time
"Why iPhone"... Hmmm?
Reply
"Why iPhone"... Hmmm?
Reply
post #8 of 31
Quote:
Originally Posted by AppleInsider View Post

... A German government agency warned users Wednesday to avoid opening PDF files on their devices until a software fix is released.

This isn't the first time the German government has expressed concern over security on the iPhone 4 and iOS. In June, a German official asked for clarification on Apple's use of personal data collected from German iPhone 4 users, as reported by The New York Times. Sabine Leutheusser-Schnarrenberger, the justice minister for Germany, requested information from Apple outlining the kind of data collected and the reason for its collection.

So... Germans are haters?
post #9 of 31
HAVE NO FEAR!
When APPLE is finished with its security fix, your iphone will be safer than before. APPLE wants their software to be more secure than we do.
post #10 of 31
Quote:
Originally Posted by DaHarder View Post

One fix at a time Apple.... One... Fix... At... A... Time


why don't you tell that to the 4.5 Million Android losers who got infected by a Spyware-Wallpaper app?
post #11 of 31
Quote:
Originally Posted by Damn_Its_Hot View Post

Saw that coming. How many potential jailbreaker's are going to update though (until 4.1 iff it has compelling reasons)?

Not me. I am staying jailbroken, and for only ONE reason...tethering. AT&T's tethering "feature" is unacceptable. I could live with either:

1. $10 a month with unlimited, OR
2. FREE with a 2GB cap

As it stands, I will use tethering for free due to this pricing nonsense.
post #12 of 31
They really need to get around to fixing the proximity sensor. I can't make a call without it hanging up, muting me, or trying to start facetime. You would think this would be a bigger story, but I guess not since it's been easier just to bash the antenna design.
post #13 of 31
Quote:
Originally Posted by lamewing View Post

Not me. I am staying jailbroken, and for only ONE reason...tethering. AT&T's tethering "feature" is unacceptable. I could live with either:

1. $10 a month with unlimited, OR
2. FREE with a 2GB cap

As it stands, I will use tethering for free due to this pricing nonsense.

Did you ever get a chance to download Handy Light from the app store?
post #14 of 31
Does this affect OSX too? I would believe if iOS is vulnerable then so is OSX.
post #15 of 31
Quote:
Originally Posted by MacTel View Post

Does this affect OSX too? I would believe if iOS is vulnerable then so is OSX.

I believe it's been patched already and included in the most recent security update.

But I could be wrong...
post #16 of 31
I hope Apple will be patching the millions of 1st gen iPhones and iPod Touches as well.
post #17 of 31
Quote:
Originally Posted by Chopper View Post

I believe it's been patched already and included in the most recent security update.

But I could be wrong...

You are not wrong.
post #18 of 31
Quote:
Originally Posted by blur35mm View Post

How about posting a fix for breaking the car stereo integration???

My 3GS worked flawlessly with my car stereo until iOS 4 upgrade...tried every possible forum thread fix that has been suggested...NOTHING works. Opened a BugDev report and sent in logs so hopefully they fix it but it has been taking forever. Until then, I just use other audio in my vehicle that is non-Apple.

What kind of car stereo hookup are you talking about? I assume you're not talking about a cassette adapter that is plugged into your headphone jack on your iPhone, right? I don't see how that could get screwed up, because then your iPod function wouldn't work, and people would be freaking out if that were the case.

Also, has anyone experienced some pixel issues toward the top of the screen after jailbreaking, either on the bootup screen or on the main screen? If so, does it last or does it happen only after the first time you boot up right after jailbreaking it? I don't want mess up my good looking screen just to upgrade to iOS 4.

3GS
FW 4.26.08
3.0.1
post #19 of 31
The tone of this article seemed to question Apples intentions with respect to a fix. It is almost like people think that Apple wasn't about to bother. It is a significant security hole of course Apple will plug it someday.


Dave
post #20 of 31
Quote:
Originally Posted by Damn_Its_Hot View Post

Saw that coming. How many potential jailbreaker's are going to update though (until 4.1 iff it has compelling reasons)?

They'll just wait until 4.1 is jailbroken like they always do -- it's only a matter of time.
post #21 of 31
Quote:
Originally Posted by Damn_Its_Hot View Post

Saw that coming. How many potential jailbreaker's are going to update though (until 4.1 iff it has compelling reasons)?

4.0.1 is super stable while jailbroken. Having been jailbreaking devices for 4 years, I can say I'm very impressed with the iPhone 4/jailbroken.

Finally, Apple has put out iPhone hardware/software that is powerful enough to handle both its own function, and little extra via jailbreak, and see no hit to performance whatsoever. Gross amounts of free memory, without any problem, no slow animations, everything stable, clean, functional.

In short, I won't be updating my phone til at least 4.2, and only after another equally smooth jailbreak is released.

It's really a shame that this is truthfully such a potentially dangerous hole, because its the smoothest jailbreak i've ever seen, and its really working well. I don't know for certain if the method of jailbreak has anything to do with how well it has been performing, but hopefully they are unrelated, as it seems this method might be short lived if patched with 4.1
post #22 of 31
Quote:
Originally Posted by LABachlr View Post

What kind of car stereo hookup are you talking about? I assume you're not talking about a cassette adapter that is plugged into your headphone jack on your iPhone, right? I don't see how that could get screwed up, because then your iPod function wouldn't work, and people would be freaking out if that were the case.

Also, has anyone experienced some pixel issues toward the top of the screen after jailbreaking, either on the bootup screen or on the main screen? If so, does it last or does it happen only after the first time you boot up right after jailbreaking it? I don't want mess up my good looking screen just to upgrade to iOS 4.

3GS
FW 4.26.08
3.0.1

Yes, I've seen that pixel issue on my iPhone 4, but its only on the Apple logo screen, so i think its just a graphic, not a defect. Try putting a solid black image in your photo library and you'll see its not the screen. I think the devs may have done that intentionally to denote a jailbroken device, but forgot to pull it before it went up.
post #23 of 31
I also have the pixel issue, but I assumed it was a way of hiding code in the bootup image that causes it.
post #24 of 31
Quote:
Originally Posted by lamewing View Post

Not me. I am staying jailbroken, and for only ONE reason...tethering. AT&T's tethering "feature" is unacceptable. I could live with either:

1. $10 a month with unlimited, OR
2. FREE with a 2GB cap

As it stands, I will use tethering for free due to this pricing nonsense.

Yes, we know. There are people who will steal what they want if they think the price is too high.

Most criminals are smart enough not to advertise it, though.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #25 of 31
Quote:
Originally Posted by Masterz1337 View Post

I also have the pixel issue, but I assumed it was a way of hiding code in the bootup image that causes it.

Correct! They are storing the jailbreak code in the frame buffer so it shows up as a bunch of colored pixels on the boot screen. There is nothing wrong with your phone and no harm is down by using those pixels.
post #26 of 31
Quote:
Originally Posted by jragosta View Post

Or just not go to the site set up to jailbreak your phone?

Or, having gone to that site, don't tell the site that it's OK to jailbreak your phone?

What are you talking about? The poster was talking about his phone not working with his car stereo after he upgraded to iOS 4 - and wants Apple to fix that issue. He said nothing about using a jailbreak on his phone. Someone then responded that moving back to 3.x might restore his ability to use his phone with his car stereo. Again, nothing to do with a jailbreak.
post #27 of 31
Quote:
Originally Posted by davesw View Post

why don't you tell that to the 4.5 Million Android losers who got infected by a Spyware-Wallpaper app?

Jeez, it is really pathetic that you continue to repeat this deceptive and debunked lie, that wallpaper app you mention isn't a "spyware", so check the facts and stop being a tool spreading ignorant FUD. Kthxbye.
post #28 of 31
What about the proximity sensor?
"Overpopulation and climate change are serious shit." Gilsch
"I was really curious how they had managed such fine granularity of alienation." addabox
Reply
"Overpopulation and climate change are serious shit." Gilsch
"I was really curious how they had managed such fine granularity of alienation." addabox
Reply
post #29 of 31
Quote:
Originally Posted by davesw View Post

why don't you tell that to the 4.5 Million Android losers who got infected by a Spyware-Wallpaper app?

Fact check:

Quote:
Lookout Clarifies Accusations Against Suspicious Wallpaper App
...
Now at first glance, the story came off a little scary and was quickly picked up by over a dozen major news outlets, all jumping on the Android has no control bandwagon. And then today happened.

AndroidTapp and Android Central contacted the developer of the app in question, finding out that the report is apparently, complete BS. In fact, they have thrown together a step-by-step visual guide plus an interview explaining the absurdity of the claims made by Lookout who has now clarified their claims after their initial stance was called into question.

http://www.droid-life.com/2010/07/30...wallpaper-app/


See also the only publication that bothered to interview the developer, which includes links to Lookout's backpedaling from their original claims:

Android Wallpaper Apps Falsely Accused of Spyware and Stealing Sensitive User Data [FUD]
http://www.androidtapp.com/android-w...user-data-fud/
post #30 of 31
This is how Apple never wins. Currently their OS is in secure, once it's plugged though, Apple will be seen as anti-open, because it blocked a method to jailbreak the phone.

Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
post #31 of 31
Quote:
Originally Posted by mjtomlin View Post

This is how Apple never wins. Currently their OS is in secure, once it's plugged though, Apple will be seen as anti-open, because it blocked a method to jailbreak the phone.


It will always be like that. Remember, the act of jailbreaking itself is essentially finding a security flaw within the device, and exploiting it to inject code into the OS to cause it to do things its not intended to do. That's *exactly* how malware works on any other platform.

Now, I'm not saying jailbreaking is the equivalent of malware. Hell, my 3GS is jailbroken right now. But yes, every jailbreak exploit is a security exploit, and its Apple's job to fix their OS to make their customers safe. If the good guys can jailbreak, the bad guys can do whatever they want.
Video editor, tech enthusiast, developer.

http://www.yuusharo.com
http://www.studioyuu.com
Reply
Video editor, tech enthusiast, developer.

http://www.yuusharo.com
http://www.studioyuu.com
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Software fix coming for iOS vulnerabilities