or Connect
AppleInsider › Forums › Mobile › iPhone › Hackers patch PDF exploit on older, jailbroken iOS devices
New Posts  All Forums:Forum Nav:

Hackers patch PDF exploit on older, jailbroken iOS devices

post #1 of 28
Thread Starter 
Apple has not released a patch for a PDF exploit that affects older iPhones and iPod touches, but ironically hackers who have used the security flaw to "jailbreak" iOS devices have delivered their own fix.

Earlier this week, Apple released iOS 4.0.2 for the iPhone 3G, iPhone 3GS, iPhone 4, and second- and third-generation iPod touch models, addressing a dangerous security flaw that could allow a hacker to take remote control of a device. It also released iOS 3.2.2, packing the same fix the iPad and iPad 3G.

But users of the first-generation iPhone and iPod touch do not have access to an official software update from Apple that will fix the PDF exploit. For them, the latest compatible version of iOS is 3.1.3.

A hacker who goes by the handle "Saurik," who also maintains the alternative storefront Cydia, released a PDF patch this week that addresses the exploit for all devices and all firmware versions, dating back to iOS 2.x.

"Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as its out," the iPhone Dev-Team wrote on its official blog. "Jailbreakers can have their cake and eat it too."

Ironically, those same hackers relied on the very same exploit to create a browser-based jailbreak for iOS devices, including the iPhone and iPad.



Jailbreaking allows users to run software not approved by Apple, which has no plans to allow users to install third-party applications downloaded from outside its sanctioned App Store. Hackers have created their own custom applications -- many free, and some for purchase from an alternative storefront known as Cydia.

Though it can void Apple's product warranty, the process is legal, as the U.S. Library of Congress officially declared last month. The government approved the measure as an exemption to a federal law which prevents the circumvention of technical measures that keep users from accessing and modifying copyrighted works.

Jailbreaking also allows users to pirate App Store software, one reason Apple has been opposed to the practice.
post #2 of 28
Interesting - I assume they want to close the door behind themselves (i.e., jailbreak then patch).
post #3 of 28
My only question is, if you're jailbroken and install this patch, and need to restore and rejailbreak your phone, will you have a problem? I guess the answer is no, as long as you manage to restore to 4.0.1.
post #4 of 28
Goes to show you where Apple's head is at these days. No fix for the antenna, no fix for the proximity sensor, no fix for the 3G that has been hobbled by iOS4. But they couldn't wait to get out a fix to keep you from jailbreaking.

All they care about is keeping you in that walled garden. And you love it don't you guys??
post #5 of 28
Quote:
Originally Posted by pmz View Post

My only question is, if you're jailbroken and install this patch, and need to restore and rejailbreak your phone, will you have a problem? I guess the answer is no, as long as you manage to restore to 4.0.1.

I just checked, and it's a mobilesubstrate add-on, so it should be gone after a restore, making a re-jailbreak possible.
post #6 of 28
Quote:
Originally Posted by Blackintosh View Post

Goes to show you where Apple's head is at these days. No fix for the antenna, no fix for the proximity sensor, no fix for the 3G that has been hobbled by iOS4. But they couldn't wait to get out a fix to keep you from jailbreaking.

All they care about is keeping you in that walled garden. And you love it don't you guys??

Hello!? It's a serious security flaw for non-jailbreakers. You know the regular people. In fact for everyone. The flaw could be used to do much more serious issue than just jailbreaking. Had Too much anti-Apple koolaid today?

It wasn't fixed to stop jailbreakers. I sure as hell don't want my phone compromised coz of a dirty PDF file.
post #7 of 28
hey are you guys blind apple has posted a fix for this .
post #8 of 28
Quote:
Originally Posted by mrfish View Post

hey are you guys blind apple has posted a fix for this .

Apple has not issued an update for first generation devices, or an update for those of us with older devices (I'm keeping my iPhone 3G on iOS 3.x) that don't want to upgrade those to iOS 4.x.
post #9 of 28
Quote:
Originally Posted by Wurm5150 View Post

Hello!? It's a serious security flaw for non-jailbreakers. You know the regular people. In fact for everyone. The flaw could be used to do much more serious issue than just jailbreaking. Had Too much anti-Apple koolaid today?

It wasn't fixed to stop jailbreakers. I sure as hell don't want my phone compromised coz of a dirty PDF file.

It's not about anti Apple koolaid to expect Apple to be making key fixes a priority. I think that the expectation for Apple to get some of these other issues fixed is legitimate. The antenna has not been an issue for me but it evidently has been for some but the proximity problems are annoying and it would be nice for them to get updates out for those as quickly as they did for the pdf issue. It is also strange that Apple has not yet released a pdf fix for older iphones and they should get that out as soon as possible to.
post #10 of 28
Quote:
Originally Posted by Blackintosh View Post


All they care about is keeping you in that walled garden. And you love it don't you guys??

Maybe you think everything should be free, like the jailbreakers and hackers, but most regular consumers know that the so-called "walled garden" is what allows Steve to do R&D to bring us so many great products.
post #11 of 28
Quote:
Originally Posted by bulk001 View Post

It's not about anti Apple koolaid to expect Apple to be making key fixes a priority.

Yes. As a person with a hobbled 3G, who cares about the patch when the f-ing phone is such a pain to use?
post #12 of 28
Quote:
Originally Posted by delete View Post

Yes. As a person with a hobbled 3G, who cares about the patch when the f-ing phone is such a pain to use?

Have you tried a clean install of 4.x, or downgrading your 3G to 3.1.3?
post #13 of 28
Quote:
Originally Posted by William 3.0 View Post

Have you tried a clean install of 4.x, or downgrading your 3G to 3.1.3?

I've tried all the various suggestions except for going back to 3.1.3. I think that's next.
post #14 of 28
While this is of course really great news for first-gen. iPhone & iPod Touch users, it does NOTHING to address the gap Apple has created with OTHER security fixes since iOS 4.x was released for newer ones!

Here are just a FEW of the security holes Apple did not yet patch on first-gen. iPhone & iPod Touch:
http://support.apple.com/kb/HT4225

Heck, Apple even DOCUMENTS that it affects iOS 2.0 through 3.1.3!!! AND, there are a LOT of them!
post #15 of 28
I'm torn. On one hand I'd prefer to see Apple issue security updates for the previous-version OS, as they do on the Mac. On the other hand, my first-gen iPhone has enough jailbreak hacks and apps that it would be kind of a pain to deal with an Apple update then get everything back the way I like it.
post #16 of 28
Saurik is an interesting guy. This year I had the pleasure of a couple hours of his time at the front of the WWDC line. After the keynote, I noticed that he ended up talking with some of the engineers that linger near the foot of the stage.
post #17 of 28
Quote:
Originally Posted by Blackintosh View Post

...But they couldn't wait to get out a fix to keep you from jailbreaking.
...And you love it don't you guys??

It has nothing to do with jailbreaking (although the exploit can be used for that). It does however have to do with fixing a security flaw. I personally rather like security fixes as soon as they are available. Did you ever stop to consider that the other issues are a bit more complex to fix and therefore take longer - or would you really advocate holding this till the other stuff could be fixed sometime later - didn't think so.

As far as loving it - not nearly as much as when you were gone for awhile. Seemed a lot more peaceful then!
post #18 of 28
Maybe it's the Elephant in the room (or not - maybe it's just me).....

Now that iPhone's are ubiquitous, hackers have gone over to the dark side, after getting tired of constantly hacking Windows platforms.

Are we now doing to see weekly or monthly unauthorized hacks of our iPhones, which will keep Apple releasing *.01 fixes, ad nauseum, to keep one step ahead of them.

As those of us who use Windows at work well know - the list of security fixes is well over a hundred or more, and with each fix, the software gets more bloated, and the hardware more constipated.

I would be very discouraged at Apple, if I was a programmer who had to worry about a new fix having to be put out every week or so. Right now, enough folks are accusing Apple of "bloatware" with the 4.0 software being used on older devices, which some think may be released for these devices with total disregard for performance, since this builds in planned obsolescense for older devices (think of how often you had to upgrade your PC's to keep up with the bloatware that was slowing your PC, with Microsoft saying that the reason was all these new features that you just HAD to have - Puleeeze!). Just thinking out loud, and hoping against hope that there is no elephant.
post #19 of 28
Quote:
Originally Posted by delete View Post

Yes. As a person with a hobbled 3G, who cares about the patch when the f-ing phone is such a pain to use?

I upgraded from a 3G with 4.0 installed to the iPhone 4 and there is a dramatic difference in operability. Of course that is not an option for everyone and I agree that Apple needs to get iOS 4 working properly on the 3G (or allow people an easy way to downgrade to 3.x)
post #20 of 28
If apple won't support the 2G and 3G phones with software updates even for exploits, then Apple cannot complain about the hackers doing it.
post #21 of 28
Saurik is not a hacker, he is a software engineer. He is not in the business of hacking iPhones, he just writes software, and distributes software for people who choose to stray outside the walled garden. I also love the mention of piracy which has NOTHING to do with Apple not offering security patches for devices they have yet to declare and end of support for. Saurik makes money selling apps just like Apple, I am sure he likes pirates just as much as they do.
post #22 of 28
Quote:
Originally Posted by AIaddict View Post

Saurik is not a hacker, he is a software engineer. He is not in the business of hacking iPhones, he just writes software, and distributes software for people who choose to stray outside the walled garden.

Saurik is a maverick... he single handedly (as in all by himself) turned iOS (then merely OS X, then iPhone OS) from Darwin BSD into a filesystem and userland that looks like Linux. Then he gave it the Debian package management, apt, long before Apple invented package management with the AppStore, and ported just about every cli tool you can imagine. If this isn't a hack, nothing is.

Bravo, Saurik. But you are one man... just in case, you should take an apprentice... I think Semaphore is up to it. Give him copies of the keys before the unexpected happens... (like your curiosity becomes satisfied and you lose interest or something awful like that).
post #23 of 28
My iPad 3G actually works a lot better now that it is jailbreaked and I have installed Backgrounder. Before, Atomic Browser would actually open the wrong links in background tabs on certain sites such as NYTimes and Slate. Now I can multitask on my iPad and everything goes swimmingly. Thanks, Saurik, where ever you are.
Hey, this Kool-Aid is delicious, what do you put in it?!
Reply
Hey, this Kool-Aid is delicious, what do you put in it?!
Reply
post #24 of 28
Quote:
Originally Posted by Eriamjh View Post

If apple won't support the 2G and 3G phones with software updates even for exploits, then Apple cannot complain about the hackers doing it.

Nope. Security updates might as well be part of the jailbreaking process.

HP Omni 100-5100z, 500GB HDD, 4GB RAM; ASUS Transformer, 16GB, Android 4.0 ICS
Although I no longer own Apple products like I did before, I'll continue to post my opinions.

Reply

HP Omni 100-5100z, 500GB HDD, 4GB RAM; ASUS Transformer, 16GB, Android 4.0 ICS
Although I no longer own Apple products like I did before, I'll continue to post my opinions.

Reply
post #25 of 28
Not a bad idea, but not likely to keep up with Apple's patches...

Apple really needs to step-up and patch 3.1.3-limited devices!


Quote:
Originally Posted by Zc456 View Post

Nope. Security updates might as well be part of the jailbreaking process.
post #26 of 28
Who would trust a security patch from a hacker?
post #27 of 28
IF a security patch is open source, and compilable by the end user, you can validate it yourself.


Quote:
Originally Posted by ascii View Post

Who would trust a security patch from a hacker?
post #28 of 28
Quote:
Originally Posted by ascii View Post

Who would trust a security patch from a hacker?

Well you already hacked your device, installed unauthorized apps, and even modified the look of your device beyond what was originally available. Might as well patch it.

HP Omni 100-5100z, 500GB HDD, 4GB RAM; ASUS Transformer, 16GB, Android 4.0 ICS
Although I no longer own Apple products like I did before, I'll continue to post my opinions.

Reply

HP Omni 100-5100z, 500GB HDD, 4GB RAM; ASUS Transformer, 16GB, Android 4.0 ICS
Although I no longer own Apple products like I did before, I'll continue to post my opinions.

Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Hackers patch PDF exploit on older, jailbroken iOS devices