Thankfully, the jailbreakers publicized their exploit. It brought the problem to the forefront, bringing attention to this very serious bug, so that Apple recognized the widespread demand to fix it quickly. If it wasn't for the jailbreakers, how much longer would we have been sitting around with this unknown vulnerability, unaware of the fact that we were even at risk, while Apple took its sweet time releasing a fix (or worse yet, Apple never even being aware of the fact that there was a problem that needed fixing in the first place)?
Apple and the highly educated technical public (security community and hackers) were aware of this security vulnerability for months. Apple even patched it for OSX, but for some reason did not issue a patch for IOS. Just because most of us did not know about this does not mean the jailbreakers exposed it to Apple and the hacker world. Those camps both were in the know, which is exactly how Comex "found" the bug to exploit.
The things we owe the jailbreakers for are;
1) forcing Apple to be accountable and fix this vulnerability by making it very public to the non-techy crowd.
2) issuing a partial fix to at least prompt uses before opening a PDF while we waited for an official fix from Apple
3) Providing yet a new patch (no longer just a partial fix but a real patch) for all versions of IOS going back to 2.0. This means people with older devices that wont run 4.0 MUST JAILBREAK in order to patch this massive vulnerability. It also offers an option for those with iPhone 3G's who do not want to run IOS 4 due to the performance issues.
Once again, if you are not running IOS 4.0.2 either upgrade ASAP or jailbreak and install the patch from Cydia. If you do neither, and use the web browser, you are taking a huge risk.
So do people who do a RESTORE on iPhone 3G have this issue too, or only folks who did an UPGRADE?! There IS a difference...
I did a DFU restore then NOT backup from previous phone... Then two hard resets... My mum's iPhone 3G is doing alright on iOS 4.0.1 ... At least as responsive as 3.1.2
I found even a normal restore (not DFU) did not solve the sluggishness.
Be sure to turn off Spotlight completely.
FWIW, this iPhone 3G has been jailbroken and restored to stock firmware off and on in the past two years.
People with older iPhones and iPod touch models are open to exploitation.
Good job, Apple.
As AIaddict said above, if you're in that camp, you should jailbreak IMMEDIATELY (and don't forget to follow the recommendations and change the root password), so that you can install a working patch for those older devices.
Comments
oh dear. hook line and sinker. you all made SendMe's day.
Someone has to feed the trolls or they die. I've already failed so many of them.
Thankfully, the jailbreakers publicized their exploit. It brought the problem to the forefront, bringing attention to this very serious bug, so that Apple recognized the widespread demand to fix it quickly. If it wasn't for the jailbreakers, how much longer would we have been sitting around with this unknown vulnerability, unaware of the fact that we were even at risk, while Apple took its sweet time releasing a fix (or worse yet, Apple never even being aware of the fact that there was a problem that needed fixing in the first place)?
Apple and the highly educated technical public (security community and hackers) were aware of this security vulnerability for months. Apple even patched it for OSX, but for some reason did not issue a patch for IOS. Just because most of us did not know about this does not mean the jailbreakers exposed it to Apple and the hacker world. Those camps both were in the know, which is exactly how Comex "found" the bug to exploit.
The things we owe the jailbreakers for are;
1) forcing Apple to be accountable and fix this vulnerability by making it very public to the non-techy crowd.
2) issuing a partial fix to at least prompt uses before opening a PDF while we waited for an official fix from Apple
3) Providing yet a new patch (no longer just a partial fix but a real patch) for all versions of IOS going back to 2.0. This means people with older devices that wont run 4.0 MUST JAILBREAK in order to patch this massive vulnerability. It also offers an option for those with iPhone 3G's who do not want to run IOS 4 due to the performance issues.
Once again, if you are not running IOS 4.0.2 either upgrade ASAP or jailbreak and install the patch from Cydia. If you do neither, and use the web browser, you are taking a huge risk.
So do people who do a RESTORE on iPhone 3G have this issue too, or only folks who did an UPGRADE?! There IS a difference...
I did a DFU restore then NOT backup from previous phone... Then two hard resets... My mum's iPhone 3G is doing alright on iOS 4.0.1 ... At least as responsive as 3.1.2
I found even a normal restore (not DFU) did not solve the sluggishness.
Be sure to turn off Spotlight completely.
FWIW, this iPhone 3G has been jailbroken and restored to stock firmware off and on in the past two years.
Good job, Apple.
People with older iPhones and iPod touch models are open to exploitation.
Good job, Apple.
As AIaddict said above, if you're in that camp, you should jailbreak IMMEDIATELY (and don't forget to follow the recommendations and change the root password), so that you can install a working patch for those older devices.
Linkity link.
Interesting - from the linked article:
Q: Does the PDF vulnerability affect Adobe PDF Reader?
A: No. Adobe PDF Reader on Windows and other platforms is not affected by this vulnerability.
Q: Is the PDF reader on my iPhone made by Adobe?
A: No, it's made by Apple. And there is no separate Reader application, PDF support is built into the OS.
The server keeps timing out everytime I try to update IP4 with 4.0.2. What gives?
Have you tried a direct download of the IPSW?