Apple investigating jailbreak vulnerabilities
An Apple spokeswoman acknowledged that the company is looking into a report on software vulnerabilities that allow remote control and 'jailbreaking' of its iOS devices.
After the French security firm Vupen posted an advisory about two critical security flaws in Apple's iOS, Apple stated that they are aware of the report and investigating it, according to Reuters.
The vulnerabilities are currently being utilized by jailbreakme.com to allow users to jailbreak an iOS device and install software independent of Apple's moderated App Store. A hacker known as "comex" developed the current jailbreak exploit and claims to know other potential exploits for when the current one is patched.
The jailbreak exploit has been called both "scary" and "very beautiful work" by one security expert. Whereas previous jailbreaks have usually required users to run software on their Mac or PC, this jailbreak takes place only on the device itself.
Mobile device security has been a hot issue as of late. Vupen's advisory comes just a few days after security experts released a root kit exploit for Android phones at the Defcon hackers conference in Las Vegas. Nicholas Percoco, who developed the exploit with a colleague, said the tool "wasn't difficult" and took two weeks to build.
After the French security firm Vupen posted an advisory about two critical security flaws in Apple's iOS, Apple stated that they are aware of the report and investigating it, according to Reuters.
The vulnerabilities are currently being utilized by jailbreakme.com to allow users to jailbreak an iOS device and install software independent of Apple's moderated App Store. A hacker known as "comex" developed the current jailbreak exploit and claims to know other potential exploits for when the current one is patched.
The jailbreak exploit has been called both "scary" and "very beautiful work" by one security expert. Whereas previous jailbreaks have usually required users to run software on their Mac or PC, this jailbreak takes place only on the device itself.
Mobile device security has been a hot issue as of late. Vupen's advisory comes just a few days after security experts released a root kit exploit for Android phones at the Defcon hackers conference in Las Vegas. Nicholas Percoco, who developed the exploit with a colleague, said the tool "wasn't difficult" and took two weeks to build.
Comments
Mobile device security has been a hot issue as of late. Vupen's advisory comes just a few days after security experts released a root kit exploit for Android phones at the Defcon hackers conference in Las Vegas. Nicholas Percoco, who developed the exploit with a colleague, said the tool "wasn't difficult" and took two weeks to build.
Sure iPhone is broke, but so is every other smart phone. It is an industry wide problem. Videos to come.
Anyway, this should be all behind us in a week or two from now.
Apple knows of the issue. They are working on a fix. I'm guessing they'll roll it in with iOS 4.1? If not, 4.0.2 then.
iPhone Dev team knows of the impending fix and already have a USB tethered option.
Interesting, Apple plugged this hole by iOS 4.1b2, before JailbreakMe came out. Not sure if it was intentional or not, but it’s closed. Here’s what I get when i go to the site.
Maybe, maybe not.
The site checks your system version, so that's just the site backing off before trying.
Interesting, Apple plugged this hole by iOS 4.1b2, before JailbreakMe came out. Not sure if it was intentional or not, but it?s closed. Here?s what I get when i go to the site.
Have you tried to downgrade? I'm sorry that I can not be of more assistance. Maybe someone more knowledgeable can help?
I jailbroke my iPhone 4 today, but then reverted it a couple hours later. Most of the apps that convinced me to jailbreak in the first place just didn't work. I suspect that they've not been updated for iOS4 and without any social functions like the App Store like reviews, there's no way for users to know this prior to downloading (or even after, they just appear nonfunctional).
yeah. they all sort of work if you have enough patience. It's cool for showing people a checklist of stuff you supposedly could do though....
[My apologies to John Lennon.]
Have you tried to downgrade? I'm sorry that I can not be of more assistance. Maybe someone more knowledgeable can help?
Thanks, but I was pointing out that the security hole is not active with iOS 4.1 beta 2. I know how to downgrade but I have no interest to do so or to jailbreak my device.
And ihxo is right, it might still be open but requires some changes that comex hasn?t implemented. I?m just posting what I know.
Thanks, but I was pointing out that the security hole is not active with iOS 4.1 beta 2. I know how to downgrade but I have no interest to do so or to jailbreak my device.
And ihxo is right, it might still be open but requires some changes that comex hasn?t implemented. I?m just posting what I know.
I must have misunderstood, my bad.
Well, at least developers with the beta are less likely to accidentally their phones.
I must have misunderstood, my bad.
Well, at least developers with the beta are less likely to accidentally their phones.
My post as ambiguous in that regard and could have been taken either way.
Whereas previous jailbreaks required users to run software on their Mac or PC, this is the first jailbreak that takes place only on the device itself.
This is actually not true - the very first public jailbreak, back before even the App Store existed, was also delivered via Mobile Safari right on the iPhone itself. I think it was even hosted by the same domain name, too.
Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and anyone dumb enough to do it deserves it.
So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.
Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and anyone dumb enough to do it deserves it.
Whatever you do, DON'T look under the bed, the boogieman might get you! And always trust the government, they know what's best for you. And big companies always have your best interest in mind, and besides, no one can do anything on their product as well as they can. I'm sooooo glad that they came up with the oh so original ideas of third party apps, background wallpaper, tethering, multitasking, and others! We didn't even know we needed them until Apple told us we did. Well maybe jailbreakers had them ALL before apple released them, but jailbreaking is so SCARY!!! // Haha, don't be afraid little sister...
This is actually not true - the very first public jailbreak, back before even the App Store existed, was also delivered via Mobile Safari right on the iPhone itself. I think it was even hosted by the same domain name, too.
I was thinking the same thing, and your right, it was the same domain. There was also a jailbreak the used the emergency phone key pad on a non-activated iPhone to hactivate and jailbreak with no computer required.
yeah. they all sort of work if you have enough patience. It's cool for showing people a checklist of stuff you supposedly could do though....
There is a compatibility chart posted by the founder of Cydia app store at http://spreadsheets.google.com/ccc?k...2c&hl=en#gid=1
You should check their website often if you jailbreak at http://thebigboss.org they post news and update info regularly.
So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.
Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and anyone dumb enough to do it deserves it.
YOU scare ME!
So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.
Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and anyone dumb enough to do it deserves it.
1) The hole is already there, hence the jailbreak actually working via Safari.
2) There is already an app on Cydia you can install on your jailbroken iDevice to warn you that you may be opening a PDF that could access your system.
3) There are plenty of great features one can add for their jailbroken device. For instance, there is a great paid app for your lock screen that lists pretty much any at-a-glance data you can think of which the need for unlocking your phone and accessing a half dozen different apps.
These file format vulnerabilities are beginning to annoy me. PDF has been around for how long now? How fscking hard can it be to write a robust parser for a PDF with the amount of resources available with companies like Apple? It is nothing more than gross negligence.
No. COMEX was just brilliant! Not to mention he and the dev team are great guys and care about the JB comunity. People that don't like it just should NOT jb.