Apple releases iOS 4.0.2, 3.2.2 with fix for PDF exploit


Comments

  • Reply 81 of 108
    So do people who do a RESTORE on iPhone 3G have this issue too, or only folks who did an UPGRADE?! There IS a difference...



    Quote:
    Originally Posted by solipsism View Post


    Did you experience the massive slowdown glitch from upgrading to 4.0? If so, can you tell us if 4.0.2 resolves it?



  • Reply 82 of 108
    I believe you are in error, did you see the Adobe announcement of an emergency patch coming for Acrobat?



    http://www.theinquirer.net/inquirer/...mergency-patch



    Quote:
    Originally Posted by whoami View Post


    As much as i hate Adobe... This hole wasn't in any of their products, just Apple.



  • Reply 83 of 108
    melgross Posts: 33,580 member
    Quote:
    Originally Posted by ctwise View Post


    Thanks to the recent DMCA ruling, Apple can't sue you or get you arrested if you jailbreak your phone but there's no requirement that Apple has to facilitate it. Apple is free to try and prevent jailbreaking from happening using technical means, and they're free to deny warranty support to jailbroken phones.



    The only people who really care about the ruling are the people who create jailbreak exploits. Those people had a legitimate concern that Apple would pursue legal action against them for creating the exploits. Now they have a legal right to do so.



    It's been legal all along. This ruling just clarifies that. Apple admitted that long ago. Their situation is simply that while it's legal, they don't have to offer warranty support for those who do it. That's understandable, as using some software can possibly cause problems.



    Apple has never even hinted at suing jailbreakers, or those making the software that initiates it.
  • Reply 84 of 108
    melgross Posts: 33,580 member
    Quote:
    Originally Posted by Masterz1337 View Post


    And of course, every pirated app would have been purchased if it wasn't pirated.



    Does that really matter? Do we now have the opinion that anyone who wants someone's work has the right to it, even if they won't pay for it? That seems to be a very poor philosophy.



    What would happen if your boss came to you and wanted to cut your salary in half because so much product was being stolen, she couldn't afford to pay you what you were getting before? Or what if she had to fire you because of it? Would you feel as though those getting the product for free were ok, because they MIGHT not have bought it otherwise?
  • Reply 85 of 108
    melgross Posts: 33,580 member
    Quote:
    Originally Posted by Xian Zhu Xuande View Post


    Gizmodo is not a good source for matters such as this.



    You could probably come up with a much better link to describe the situation. Even before all the nonsense between Giz and Apple they were a shoddy source for this sort of thing, and today they've just become downright useless for issues related to Apple.



    I posted this in a previous thread where we discussed this. It's part of the original DMCA. This is NOT a newly interpreted part of the code. What the LOC did was to answer a question about what the statute meant in relation to this area of which we're speaking. The LOC simply clarified that this section of the code did indeed apply to jailbreaking, and some other areas. Here it is. And, by the way, in that other discussion, the person I posted it to didn't understand that he couldn't take parts of a few sentences and highlight them, and then use that truncated part to change the meaning to what he wanted it to mean. This is legal discourse and must be taken as a whole.



    Quote:

    (f) Reverse Engineering.

    (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.

    (2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.

    (3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.

    (4) For purposes of this subsection, the term "interoperability" means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.



  • Reply 86 of 108
    melgross Posts: 33,580 member
    Quote:
    Originally Posted by Bagman View Post


    No effect on unlocking? Hmmm. Wonder if a t-mobile announcement is imminent, which would allow any ATT iPhone to go over to T-mobile immediately (assuming the dreaded penalty isn't too much of a deterrent). I ran into T-mobile folks who couldn't get much coverage at the Oshkosh airshow this year, whereas ATT was no problem (it wasn't a T-mobile iphone).



    You still won't be able to use 3G on T-Mobile because of that odd 1700MHz frequency they use.
  • Reply 87 of 108
    melgross Posts: 33,580 member
    Quote:
    Originally Posted by Prof. Peabody View Post


    I said "publicised" not "made public."

    This is mostly irrelevant and not true. Regardless of their inner feelings or whatever, jailbreakers enable theft (piracy), pure and simple. Whether they mean to or not, whether they agree with it or not, are all irrelevant to the actual fact.



    Several app makers have defended higher prices by saying that their apps have been stolen and that's the reason why. Several developers have also gone on the record as "thinking of raising the price" when they found out that 90% of their users were actually thieves. It could also be argued that the ancillary costs of supporting stolen apps (because the developer can't tell who is a legit owner), and the costs of security in general, contribute to the prices in the app store.



    This is also a bit misleading at best.



    The DMCA actually "outlaws" jailbreaking except for the recent decision by the Library of Congress that modified it. This made jailbreaking "legal," but only under certain specific circumstances, one of which as you correctly note, is the need to move to another carrier. The other is to install legal software that Apple doesn't allow in its store.



    So by definition, 40% of all jailbreaks are still explicitly "illegal" according to the DMCA because they are using the jailbreak to steal software. Some percentage of the rest are likely illegal as well.



    Given that iPhone is already sold unlocked in many places and that the exclusivity arrangement with AT&T is about to end, it's likely that the whole "unlocking" reason will go away entirely in a very short time frame as well. So that will leave the only legal reason to jailbreak being the "need" to install some crappy app that was denied from the app store for some lame moral reason, like the boobies app or whatever.



    Finally, it's you that don't understand the background here because you totally missed my last point which was that the recent decision by the Library of Congress used an unprecedented measure. To do the jailbreak at all, it's required that you use some of Apple's code. This has always been illegal. This recent decision however said that because it was only a "little bit" of code, it was okay.



    For that reason I think it's a poor and possibly illegal decision by a body that doesn't really have the power to make it, and is just unjustifiable in my opinion.



    A parallel might be that if I sold bicycles that had a patented anti-theft device built into it, the Library of congress is saying that it's okay for some hacker to use a bit of my bicycle locking technology to unlock the bicycle just because he needs the bicycle for something else. They are saying that a customer, simply by virtue of buying a device has the right to knowledge about every single part of it, how it works, how it's put together and the private IP and secret codes of the manufacturer, simply by virtue of them having paid a hundred bucks at the store for the bicycle.



    I, and a lot of other people completely disagree that this is reasonable or (ultimately), legal.



    As I've shown several times, it's incorrect to say that jailbreaking was illegal earlier. Even Apple acknowledged that it was legal some time ago.



    Does anyone here think that Apple wouldn't have gone after those that enabled jailbreaking if it weren't legal? They sure would have!
  • Reply 88 of 108
    melgross Posts: 33,580 member
    Quote:
    Originally Posted by Bancho View Post


    Disclaimer - My phone's not jailbroken...

    1. App prices are still pretty damn cheap. Free or $.99 rule the day for the most part. I've paid more for some apps and they've still been quite worthwhile. I have seen no hard evidence that your point regarding app piracy is actually having an impact on pricing in the app store. The developers may, or may not, choose to continue developing for the iPhone but what will they do? Will they develop for Android where users are even less inclined to pay money for software? Software piracy has been an issue since users have had the ability to load programs on their computers/devices.



    2. This exploit needed to be publicized. Yes, it could have been handled better, but in the end a fix has been produced to eliminate that particular vulnerability. If jailbreaking leads to discovery of flaws like this then isn't it acting as another level of quality assurance?



    3. You got me there. Like I said above, I'm not jailbroken. I'd put forth that a noisy jailbreak zealot is no less irritating to listen to than any other noisy zealot.



    Anyway, it's disingenuous to assume that all jailbroken phones are in the hands of piratey hackers up to no good. If I'm not mistaken, jailbreaking is a prerequisite for unlocking the iPhone. Many jailbreak just so they won't have to use AT&T. Would you suggest that people who are out of their contract obligation only be able to ever use their bought and paid for iPhone if they also use AT&T's network?



    The one problem with jailbreakers is that they now have temptation before them that they didn't have before. Temptation makes good people do bad things. While many jailbreakers have no interest in pirating when they first jailbreak, many do.



    The difficulty here is that when looking at the programs available, one will, just for the sake of curiosity, look at the pirated apps, "just to see what's there." And then, again just for the sake of curiosity will download one, only to see if it really works. When it does, next time it's a bit easier. We all know how that works. I bet no one here ever walks on a red light either?



    After some time, a certain number of people will first see if an app they want is pirated before going to the app store itself. This is why a lot of developers are concerned about app piracy. To say that it's not significant, isn't true. The situation is much worse with Android, where piracy is even easier.
  • Reply 89 of 108
    melgross Posts: 33,580 member
    Quote:
    Originally Posted by delizazam View Post


    You talk a lot of nonsense. i jailbreak my phone to be able to unlock, be able to install apple rejected apps and overpriced apps like tomtom and navigon. I BUY ALL MY APPS AND I KNOW MOST OF JAILBREAKERS DO BUY ALL THEIR APPS



    So you pay for all of your apps, but install "overpriced ones" like Tomtom and Navigon?



    How do you do that? If you aren't paying for what they are asking for their apps, then you aren't paying for them at all.



    That's the most amazing amount of dissembling I've seen in a long time.



    You are a real pirate, even if you lack the understanding to know it.
  • Reply 90 of 108
    aizmov Posts: 989 member
    How about folders? I need them on my iPad.
  • Reply 91 of 108
    pooch Posts: 768 member
    i jailbreaked (jailbroke?) my iphone for the sole purpose of unlocking it so i can use it on another carrier when i travel out of the country. i ain't gonna rush out and install this update any time soon.
  • Reply 92 of 108
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by Pooch View Post


    i jailbreaked (jailbroke?) my iphone for the sole purpose of unlocking it so i can use it on another carrier when i travel out of the country. i ain't gonna rush out and install this update any time soon.



    While the PDF hole is certainly filled, there were other exploits needed for that jailbreak to work. I haven't heard yea or nay on the subject but it's possible Apple didn't fix those holes. On top of that, there are surely other exploits to be found; perhaps already found. Maybe we'll see a tethered jailbreak from Dev Team for 4.0.2 or for 4.1. Hopefully for at least 4.1.
  • Reply 93 of 108
    Quote:
    Originally Posted by ghostface147 View Post


    What have they done? Has a jailbreaker ever damaged your own phone remotely? If anything, I am sure the JB community has actually helped users more than you know.



    It's quite simple, the jailbreaking method exposed a security breach of iOS without notifying Apple and giving them some time to fix it. It is of course clear why Apple wasn't notified.

    But this exposed all iOS users to hackers able to reverse engineer the exploit.

    The fact (?) that no exploit (other than jailbreaking) spread in the wild is no excuse for the irresponsible jailbreak released by the 'jailbreak community'.

    It shows clearly that they are only concerned about their jailbreak glory and not at all concerned about the safety of iOS users.



    J
  • Reply 94 of 108
    ascii Posts: 5,936 member
    It takes so long to install iDevice OS updates that I don't know if I can be bothered. And if someone hacks my iPad more power to them - there's nothing of value kept on it anyways.
  • Reply 95 of 108
    Quote:
    Originally Posted by Xian Zhu Xuande View Post


    Linkity link.



    Thanks for the link.
  • Reply 96 of 108
    mdriftmeyer Posts: 7,503 member
    Quote:
    Originally Posted by mstone View Post


    You forgot to blame Adobe for all of this. They, after all, created the PDF format.



    This indeed is Adobe's bag of hurt.



    This is how bad Adobe Screwed up:



    http://www.kb.cert.org/vuls/id/275247



    Quote:

    Vulnerability Note VU#275247

    FreeType 2 CFF font stack corruption vulnerability

    Overview

    FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

    I. Description

    FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a number of font types, including Compact Font Format (CFF). FreeType is used by a number of applications, including PDF readers, web browsers, and other applications. FreeType 2 contains a flaw in the handling of some CFF opcodes, which can result in stack corruption. This can allow arbitrary code execution.



    This vulnerability is being used in the iPhone PDF JailBreak exploit.

    II. Impact

    By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.

    III. Solution

    Apply an update



    This vulnerability is fixed in the FreeType source tree. Please check with your vendor for an update.

    Vendor Information
    Vendor | Status | Date Notified | Date Updated
    Apple Inc. | Affected | 2010-08-04 | 2010-08-11
    Conectiva Inc. | Unknown | 2010-08-10 | 2010-08-10
    Cray Inc. | Unknown | 2010-08-10 | 2010-08-10
    Debian GNU/Linux | Affected | 2010-08-10 | 2010-08-11
    DragonFly BSD Project | Unknown | 2010-08-10 | 2010-08-10
    EMC Corporation | Unknown | 2010-08-10 | 2010-08-10
    Engarde Secure Linux | Unknown | 2010-08-10 | 2010-08-10
    F5 Networks, Inc. | Affected | 2010-08-10 | 2010-08-11
    Fedora Project | Unknown | 2010-08-10 | 2010-08-10
    Foxit Software Company | Affected | 2010-08-06 | 2010-08-06
    FreeBSD Project | Unknown | 2010-08-10 | 2010-08-10
    Fujitsu | Unknown | 2010-08-10 | 2010-08-10
    Gentoo Linux | Affected | 2010-08-10 | 2010-08-11
    Hewlett-Packard Company | Unknown | 2010-08-10 | 2010-08-10
    Hitachi | Unknown | 2010-08-10 | 2010-08-10
    IBM Corporation | Unknown | 2010-08-10 | 2010-08-10
    IBM Corporation (zseries) | Unknown | 2010-08-10 | 2010-08-10
    IBM eServer | Unknown | 2010-08-10 | 2010-08-10
    Infoblox | Unknown | 2010-08-10 | 2010-08-10
    Juniper Networks, Inc. | Unknown | 2010-08-10 | 2010-08-10
    Mandriva S. A. | Unknown | 2010-08-10 | 2010-08-10
    Microsoft Corporation | Unknown | 2010-08-10 | 2010-08-10
    MontaVista Software, Inc. | Unknown | 2010-08-10 | 2010-08-10
    NEC Corporation | Unknown | 2010-08-10 | 2010-08-10
    NetBSD | Unknown | 2010-08-10 | 2010-08-10
    Nokia | Unknown | 2010-08-10 | 2010-08-10
    Novell, Inc. | Unknown | 2010-08-10 | 2010-08-10
    Openwall GNU/*/Linux | Unknown | 2010-08-10 | 2010-08-10
    QNX Software Systems Inc. | Unknown | 2010-08-10 | 2010-08-10
    Red Hat, Inc. | Affected | | 2010-08-05
    SafeNet | Unknown | 2010-08-10 | 2010-08-10
    Silicon Graphics, Inc. | Unknown | 2010-08-10 | 2010-08-10
    Slackware Linux Inc. | Unknown | 2010-08-10 | 2010-08-10
    Sony Corporation | Unknown | 2010-08-10 | 2010-08-10
    Sun Microsystems, Inc. | Unknown | 2010-08-10 | 2010-08-10
    SUSE Linux | Unknown | 2010-08-10 | 2010-08-10
    The SCO Group | Unknown | 2010-08-10 | 2010-08-10
    Turbolinux | Unknown | 2010-08-10 | 2010-08-10
    Ubuntu | Unknown | 2010-08-10 | 2010-08-10
    Unisys | Unknown | 2010-08-10 | 2010-08-10
    Wind River Systems, Inc. | Affected | 2010-08-10 |



    Adobe Font Types: http://www.adobe.com/devnet/opentype...t_formats.html



    Quote:

    Type 42 fonts consist of a PostScript language "wrapper" around a TrueType font. A Type 42 font is usually generated by a printer driver to download TrueType fonts to a PostScript printer that includes a TrueType rasterizer. By this method the TrueType font is interpreted directly, which provides the most accurate results. See Adobe Technical Note 5012, The Type 42 Font Format Specification (PDF, 159k).



    Download the technical note and it's not hard to see how any system that has a PostScript interpreter to handle these PostScript-wrapped TrueType fonts can run a shell script of sorts to run arbitrary commands.



    This affects Windows, OS X, Linux, etc.



    Quote:

    7 Example Type 42 single-byte font program

    %!PS-TrueTypeFont-65536-65536-1
    11 dict begin
    /FontName /Chicago def
    /Encoding 256 array
    0 1 255{1 index exch/.notdef put}for
    dup 0 /.null put
    dup 1 /option put
    dup 2 /control put
    %
    %... many Encoding array entries omitted...
    %
    dup 253 /hungarumlaut put
    dup 254 /ogonek put
    dup 255 /caron put
    readonly def
    /PaintType 0 def
    /FontMatrix [1 0 0 1 0 0] def
    /FontBBox[-190 -283 1164 1090] def
    /FontType 42 def
    /XUID [42 16#7880BE99 16#AC616C9D 16#D021DE98 16#1F9CD56E] def
    %
    % Optional FontInfo dictionary may be inserted here
    %
    /sfnts[<
    000100000009000900090009
    637674202B194DE00000009C00000290
    6670676D31773E000000032C000003B6
    %
    %...many sfnts lines omitted...
    %
    58B0FF1D5945695342737373737373737374737345684400
    00>]def
    /CharStrings 279 dict dup begin
    /.notdef 0 def/.null 1 def/nonmarkingreturn 2 def
    /space 3 def/exclam 4 def /quotedbl 5 def/numbersign 6 def
    /dollar 7 def/percent 8 def/ampersand 9 def
    %




    All it takes is a well-crafted program to create havoc.
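
The advisory quoted in Reply 96 attributes the bug to stack corruption while processing CFF opcodes. As an added illustration (not part of the thread and not FreeType's code), the sketch below walks a Type 2 charstring and bounds-checks its operand stack; the function names, the small operator subset and the sample byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CS_MAX_OPERANDS 48  /* argument-stack limit of the Type 2 charstring format */

enum cs_status { CS_OK, CS_STACK_OVERFLOW, CS_STACK_UNDERFLOW, CS_TRUNCATED, CS_UNSUPPORTED };

/* Minimum operand count for the operators this sketch models; -1 = not modelled. */
static int cs_min_operands(uint8_t op)
{
    switch (op) {
    case 4: case 22: return 1;   /* vmoveto, hmoveto */
    case 5: case 21: return 2;   /* rlineto, rmoveto */
    default:         return -1;
    }
}

/* Walk one charstring, checking stack depth and remaining input at every step. */
enum cs_status cs_validate(const uint8_t *p, size_t len)
{
    int32_t stack[CS_MAX_OPERANDS];
    size_t top = 0, i = 0;

    while (i < len) {
        uint8_t b0 = p[i++];
        int32_t value;

        if (b0 == 14)                                  /* endchar */
            return CS_OK;
        if (b0 >= 32 && b0 <= 246) {                   /* one-byte integer */
            value = (int32_t)b0 - 139;
        } else if (b0 >= 247 && b0 <= 254) {           /* two-byte integer */
            if (i >= len)
                return CS_TRUNCATED;
            value = b0 <= 250 ? (b0 - 247) * 256 + p[i] + 108
                              : -(b0 - 251) * 256 - p[i] - 108;
            i++;
        } else {                                       /* operator or unmodelled byte */
            int need = cs_min_operands(b0);
            if (need < 0)
                return CS_UNSUPPORTED;
            if (top < (size_t)need)
                return CS_STACK_UNDERFLOW;
            top = 0;                                   /* operator consumes the stack */
            continue;
        }
        /* The check that matters: never store past the end of the operand stack. */
        if (top >= CS_MAX_OPERANDS)
            return CS_STACK_OVERFLOW;
        stack[top++] = value;
    }
    (void)stack;                                       /* operands are not interpreted here */
    return CS_TRUNCATED;                               /* input ended before endchar */
}

/* Constructed samples (not taken from any real font). */
enum cs_status cs_demo_ok(void)
{
    static const uint8_t cs[] = { 239, 189, 21, 14 };  /* 100 50 rmoveto endchar */
    return cs_validate(cs, sizeof cs);
}

enum cs_status cs_demo_overflow(void)
{
    uint8_t cs[CS_MAX_OPERANDS + 2];
    memset(cs, 139, CS_MAX_OPERANDS + 1);              /* 49 operands, each the value 0 */
    cs[CS_MAX_OPERANDS + 1] = 14;                      /* endchar, never reached */
    return cs_validate(cs, sizeof cs);
}

enum cs_status cs_demo_underflow(void)
{
    static const uint8_t cs[] = { 239, 21, 14 };       /* rmoveto with only one operand */
    return cs_validate(cs, sizeof cs);
}

int main(void)
{
    printf("ok=%d overflow=%d underflow=%d\n", cs_demo_ok(), cs_demo_overflow(), cs_demo_underflow());
    return 0;
}
```

A font parser that rejects a glyph on any status other than `CS_OK` fails closed on malformed input instead of writing past its operand array.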
  • Reply 97 of 108
    Quote:
    Originally Posted by Prof. Peabody View Post


    They publicised a zero-day vulnerability in the iPhone and left every iPhone user in the world open to malicious hackers



    No they didn't. The security hole was published by other parties, they just used it. Telling YOU about the hole did not change the security of the system one iota.



    Quote:
    Originally Posted by Prof. Peabody View Post


    - They also enable massive theft of apps which raises the prices in the app store.

    - Roughly 40% of them are thieves and steal apps themselves

    - They publish endless dribble to forums like this about the benefits of jailbreaking



    Well the first claim here is clearly false, and the second two are not problems.



    Quote:
    Originally Posted by Prof. Peabody View Post


    Jailbreaking is also still illegal really



    No it is not. It never was. You have always had the right to jailbreak your phone. Always.



    What HAS changed is that it is now legal to circumvent a technical lock to make a tool to jailbreak. The recent change affected programmers, not users.



    Quote:
    Originally Posted by Prof. Peabody View Post


    given that the recent ruling by the Library of Congress seriously overstepped their authority and decided things that are completely unprecedented (like it's okay to steal Apple's code since it was only a "small amount"?).



    None of these statements is remotely true.



    First of all it was the EFF, not the LoC.



    Second of all, neither group changed the law, that is up to the lawmakers in the process.



    Third of all, no code was given away, or even mentioned for that matter.



    Quote:
    Originally Posted by Prof. Peabody View Post


    If they had followed precedent and common law principles, jailbreaking would never have even become the "quasi-legal" thing it is now and remained firmly "illegal."



    Jailbreaking is, and always was, legal. You do not know what you are talking about.



    Maury



    p.s. For those of you who want to know about the reality here, download the TVO Search Engine podcast about it. It's very informative.
  • Reply 98 of 108
    aiaddict Posts: 487 member
    If you have an older device that won't run 4.0.2 you should jailbreak and patch ASAP. You can always restore if Apple ever decides to do the right thing and issue an official patch. For now, the ONLY way to secure these devices is with a jailbreak patch.



    http://blog.iphone-dev.org/post/9414...hat-apple-wont
  • Reply 99 of 108
    sennen Posts: 1,472 member
    Quote:
    Originally Posted by SendMe View Post


    Will it brick previously jailbroken iPhones? I sure hope so. Those Jailbreakers don't have any excuse left for what they do to us.



    Quote:
    Originally Posted by William 3.0 View Post


    What exactly has a Jailbreaker done to you?



    Quote:
    Originally Posted by Bancho View Post


    Seriously? What impact have those who jailbreak their phones had on you?



    Quote:
    Originally Posted by ghostface147 View Post


    What have they done? Has a jailbreaker ever damaged your own phone remotely? If anything, I am sure the JB community has actually helped users more than you know.



    Quote:
    Originally Posted by adisor19 View Post


    OH NOEZ !!1ONEOEN ZE JAILBREAKERS ARE OUT TO KILL US







    Adi



    Quote:
    Originally Posted by S8ER01Z View Post


    You mean leaving AT&Ts pos network? How dare they.



    Quote:
    Originally Posted by 2oh1 View Post


    Care to explain that?



    Quote:
    Originally Posted by AIaddict View Post


    Not only will it not brick a jailbroken phone, Apple also chose not to patch the baseband holes that are used to unlock the iPhones. It seems like Apple is much more interested in closing serious security flaws than fighting the jailbreak and unlock community. Some of their brain dead fanboi's on the other hand are still living in LaLa land.



    Quote:
    Originally Posted by sarges View Post


    probably they shattered his day-dreaming that everything is perfect and hunky-dory at Apple, and that every invention under the sun was originated from US of A. The guy is still reeling from the shock



    Quote:
    Originally Posted by pmz View Post


    Get a grip



    Quote:
    Originally Posted by delizazam View Post


    You talk a lot of nonsense. i jailbreak my phone to be able to unlock, be able to install apple rejected apps and overpriced apps like tomtom and navigon. I BUY ALL MY APPS AND I KNOW MOST OF JAILBREAKERS DO BUY ALL THEIR APPS



    Quote:
    Originally Posted by jeffreytgilbert View Post


    what? that's the dumbest thing i've heard all month



    oh dear. hook line and sinker. you all made SendMe's day.
  • Reply 100 of 108
    Quote:
    Originally Posted by Maury Markowitz View Post


    No it is not. It never was. You have always had the right to jailbreak your phone. Always.



    What HAS changed is that it is now legal to circumvent a technical lock to make a tool to jailbreak. The recent change affected programmers, not users.



    Even creating (and distributing) the tools to produce a jailbreak had already been declared non-infringing under the original text of the DMCA, without the benefit of the LoC's recent exceptions. Specifically, it is covered by the reverse engineering section that melgross pointed out above.



    That being said, this whole discussion about the legality of jailbreaking is all in response to a troll very early in the thread who derailed the discussion by wishing punishment on jailbreakers. He doesn't deserve our attention.



    Back on topic, I hope that everybody agrees that this particular hole was too dangerous to leave unpatched. In this case the benefit of improved security more than outweighs any extra inconvenience that may have been created for future would-be jailbreakers.



    Thankfully, the jailbreakers publicized their exploit. It brought the problem to the forefront, bringing attention to this very serious bug, so that Apple recognized the widespread demand to fix it quickly. If it wasn't for the jailbreakers, how much longer would we have been sitting around with this unknown vulnerability, unaware of the fact that we were even at risk, while Apple took its sweet time releasing a fix (or worse yet, Apple never even being aware of the fact that there was a problem that needed fixing in the first place)?