Apple investigating jailbreak vulnerabilities

Posted:
in iPhone edited January 2014
An Apple spokeswoman acknowledged that the company is looking into a report on software vulnerabilities that allow remote control and 'jailbreaking' of its iOS devices.



After the French security firm Vupen posted an advisory about two critical security flaws in Apple's iOS, Apple stated that they are aware of the report and investigating it, according to Reuters.



The vulnerabilities are currently being utilized by jailbreakme.com to allow users to jailbreak an iOS device and install software independent of Apple's moderated App Store. A hacker known as "comex" developed the current jailbreak exploit and claims to know other potential exploits for when the current one is patched.



The jailbreak exploit has been called both "scary" and "very beautiful work" by one security expert. Whereas previous jailbreaks have usually required users to run software on their Mac or PC, this jailbreak takes place only on the device itself.



Mobile device security has been a hot issue as of late. Vupen's advisory comes just a few days after security experts released a root kit exploit for Android phones at the Defcon hackers conference in Las Vegas. Nicholas Percoco, who developed the exploit with a colleague, said the tool "wasn't difficult" and took two weeks to build.
«13

Comments

  • Reply 1 of 52
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by AppleInsider View Post


    Mobile device security has been a hot issue as of late. Vupen's advisory comes just a few days after security experts released a root kit exploit for Android phones at the Defcon hackers conference in Las Vegas. Nicholas Percoco, who developed the exploit with a colleague, said the tool "wasn't difficult" and took two weeks to build.



    Sure iPhone is broke, but so is every other smart phone. It is an industry wide problem. Videos to come.
  • Reply 2 of 52
    markmsmarkms Posts: 9member
    I guess this is more of an incentive for Apple to fix this exploit as soon as possible. Had "comex" just alerted Apple of the issue, it would have taken a while before we would have a fix and possible acknowledgment of the exploit.



    Anyway, this should be all behind us in a week or two from now.



    Apple knows of the issue. They are working on a fix. I'm guessing they'll roll it in with iOS 4.1? If not, 4.0.2 then.

    iPhone Dev team knows of the impending fix and already have a USB tethered option.
  • Reply 3 of 52
    solipsismsolipsism Posts: 25,726member
    Interesting, Apple plugged this hole by iOS 4.1b2, before JailbreakMe came out. Not sure if it was intentional or not, but it?s closed. Here?s what I get when i go to the site.
  • Reply 4 of 52
    ihxoihxo Posts: 567member
    Quote:
    Originally Posted by solipsism View Post


    Interesting, Apple plugged this hole by iOS 4.1b2, before JailbreakMe came out. Not sure if it was intentional or not, but it’s closed. Here’s what I get when i go to the site.



    Maybe, maybe not.



    The site checks your system version, so that's just the site backing off before trying.
  • Reply 5 of 52
    I jailbroke my iPhone 4 today, but then reverted it a couple hours later. Most of the apps that convinced me to jailbreak in the first place just didn't work. I suspect that they've not been updated for iOS4 and without any social functions like the App Store like reviews, there's no way for users to know this prior to downloading (or even after, they just appear nonfunctional).
  • Reply 6 of 52
    drdoppiodrdoppio Posts: 1,132member
    Quote:
    Originally Posted by solipsism View Post


    Interesting, Apple plugged this hole by iOS 4.1b2, before JailbreakMe came out. Not sure if it was intentional or not, but it?s closed. Here?s what I get when i go to the site.



    Have you tried to downgrade? I'm sorry that I can not be of more assistance. Maybe someone more knowledgeable can help?
  • Reply 7 of 52
    ihxoihxo Posts: 567member
    Quote:
    Originally Posted by mbarriault View Post


    I jailbroke my iPhone 4 today, but then reverted it a couple hours later. Most of the apps that convinced me to jailbreak in the first place just didn't work. I suspect that they've not been updated for iOS4 and without any social functions like the App Store like reviews, there's no way for users to know this prior to downloading (or even after, they just appear nonfunctional).



    yeah. they all sort of work if you have enough patience. It's cool for showing people a checklist of stuff you supposedly could do though....
  • Reply 8 of 52
    damn_its_hotdamn_its_hot Posts: 1,213member
    And though the holes were rather small. They had to count them all. Now they know how many holes it takes to fill the browsers all...





    [My apologies to John Lennon.]
  • Reply 9 of 52
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by DrDoppio View Post


    Have you tried to downgrade? I'm sorry that I can not be of more assistance. Maybe someone more knowledgeable can help?



    Thanks, but I was pointing out that the security hole is not active with iOS 4.1 beta 2. I know how to downgrade but I have no interest to do so or to jailbreak my device.



    And ihxo is right, it might still be open but requires some changes that comex hasn?t implemented. I?m just posting what I know.
  • Reply 10 of 52
    drdoppiodrdoppio Posts: 1,132member
    Quote:
    Originally Posted by solipsism View Post


    Thanks, but I was pointing out that the security hole is not active with iOS 4.1 beta 2. I know how to downgrade but I have no interest to do so or to jailbreak my device.



    And ihxo is right, it might still be open but requires some changes that comex hasn?t implemented. I?m just posting what I know.



    I must have misunderstood, my bad.



    Well, at least developers with the beta are less likely to accidentally their phones.
  • Reply 11 of 52
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by DrDoppio View Post


    I must have misunderstood, my bad.



    Well, at least developers with the beta are less likely to accidentally their phones.



    My post as ambiguous in that regard and could have been taken either way.
  • Reply 12 of 52
    irqirq Posts: 1member
    Quote:
    Originally Posted by AppleInsider View Post


    Whereas previous jailbreaks required users to run software on their Mac or PC, this is the first jailbreak that takes place only on the device itself.



    This is actually not true - the very first public jailbreak, back before even the App Store existed, was also delivered via Mobile Safari right on the iPhone itself. I think it was even hosted by the same domain name, too.
  • Reply 13 of 52
    So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.



    Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.
  • Reply 14 of 52
    jhysonjhyson Posts: 11member
    Quote:
    Originally Posted by KangaMoJo View Post


    So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.



    Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.



    Whatever you do, DON'T look under the bed, the boogieman might get you! And always trust the government, they know what's best for you. And big companies always have your best interest in mind, and besides, no one can do anything on their product as well as they can. I'm sooooo glad that they came up with the oh so original ideas of third party apps, background wallpaper, tethering, multitasking, and others! We didn't even know we needed them until Apple told us we did. Well maybe jailbreakers had them ALL before apple released them, but jailbreaking is so SCARY!!! // Haha, don't be afraid little sister...
  • Reply 15 of 52
    jhysonjhyson Posts: 11member
    Quote:
    Originally Posted by irq View Post


    This is actually not true - the very first public jailbreak, back before even the App Store existed, was also delivered via Mobile Safari right on the iPhone itself. I think it was even hosted by the same domain name, too.



    I was thinking the same thing, and your right, it was the same domain. There was also a jailbreak the used the emergency phone key pad on a non-activated iPhone to hactivate and jailbreak with no computer required.
  • Reply 16 of 52
    Quote:
    Originally Posted by ihxo View Post


    yeah. they all sort of work if you have enough patience. It's cool for showing people a checklist of stuff you supposedly could do though....



    There is a compatibility chart posted by the founder of Cydia app store at http://spreadsheets.google.com/ccc?k...2c&hl=en#gid=1

    You should check their website often if you jailbreak at http://thebigboss.org they post news and update info regularly.
  • Reply 17 of 52
    Quote:
    Originally Posted by KangaMoJo View Post


    So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.



    Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.







    YOU scare ME!
  • Reply 18 of 52
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by KangaMoJo View Post


    So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.



    Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.



    1) The hole is already there, hence the jailbreak actually working via Safari.



    2) There is already an app on Cydia you can install on your jailbroken iDevice to warn you that you may be opening a PDF that could access your system.



    3) There are plenty of great features one can add for their jailbroken device. For instance, there is a great paid app for your lock screen that lists pretty much any at-a-glance data you can think of which the need for unlocking your phone and accessing a half dozen different apps.
  • Reply 19 of 52
    These file format vulnerabilities are beginning to annoy me. PDF has been around for how long now? How fscking hard can it be to write a robust parser for a PDF with the amount of resources available with companies like Apple? It is nothing more than gross negligence.
  • Reply 20 of 52
    Quote:
    Originally Posted by talksense101 View Post


    These file format vulnerabilities are beginning to annoy me. PDF has been around for how long now? How fscking hard can it be to write a robust parser for a PDF with the amount of resources available with companies like Apple? It is nothing more than gross negligence.



    No. COMEX was just brilliant! Not to mention he and the dev team are great guys and care about the JB comunity. People that don't like it just should NOT jb.
Sign In or Register to comment.