question guys, have not read anything re this question anywhere
do you think Apple is not closing some security holes by purpose to leave a door open for the devteam ?
i mean, i am quite sure that Apple has some very clever and smart people, they should be able to close down the iOS if they really want ?!
we can observe that some USB security flaws are open in iOS3 and still in 4..... MS is doing a better job in patching their windows than Apple...
thanks for your opinions.
Greetings !
If it was a leak in the code that you could get around by manually changing the code or something similar than it could be intentional.
But if you're talking an exploit that can be activated off of a website, I doubt it. I'm sure apple will update this and block it asap (as well they should, these kind of vulnerabilities are dangerous).
No code is hack proof, and all in all, I think the dev communities are good things. But web exploits are serious security risks, not "breadcrumbs" for dev teams.
Security concerns aside, this is one elegant way to jailbrake your phone. Slide to Jailbrake... classic.
I jailbroke as soon as I found out that PDF Loading Warner was available. Better to be safe than sorry if someone decides to create a malicious link that exploits this vulnerability.
Maybe Miller is the one responsible for the hack. He certainly has a gigantic anti-Apple chip on his shoulders for all to see.
This will probably get roundly dismissed as mere paranoia, but I think it's both interesting and highly suspicious that this hack is so far above what any other iPhone hackers have been able to do so far.
I mean we have to believe that somehow almost by accident, the typical iPhone hackers stumbled on this sublime and intricate attack vector, (something that only one of the best security hackers on the planet could figure out)??
It seems more likely to me that Charlie Miller or someone of similar calibre was involved at some level and that worries me.
The hole would exist if they released the code or not. by releasing it (and making it public) they will spur apple to close it sooner.
There are people working on a wired hack, no doubt, but if you get an easier way to hack it, they take it.
Jailbreaking a device takes time, and someone working at it won't ignore a security hole to try and find a more complex way to do it.
iOS has a community of MILLIONS of users, and attracts a majority of mobile programmers. Computer programmers know that mobile is the future and a lot of them might even OWN an iphone.
Jailbreaking will increasingly become more sophisticated as iOS security improves. That's the nature of software development.
And it's A LOT better that the first time his exploit hits the news it's for a jailbreak and not after someone uses the code to infect others (like activeX exploits in windows). It's worth noting that the same people you're writing off as malicious hackers are from the community that developed a "fix" for this exploit before it was officially acknowledged.
Maybe Miller is the one responsible for the hack. He certainly has a gigantic anti-Apple chip on his shoulders for all to see.
This will probably get roundly dismissed as mere paranoia, but I think it's both interesting and highly suspicious that this hack is so far above what any other iPhone hackers have been able to do so far.
I mean we have to believe that somehow almost by accident, the typical iPhone hackers stumbled on this sublime and intricate attack vector, (something that only one of the best security hackers on the planet could figure out)??
It seems more likely to me that Charlie Miller or someone of similar calibre was involved at some level and that worries me.
Quote:
Originally Posted by grkhetan
This font rendering security hole was patched in Mac OSX a couple months ago -- the fix did not make it to iOS4, and hence comex was able to use this hole there!! So easy he would have figured -- go to Apple security patches list, and see which fixes havent made it to iphone and attack!!
Btw, this security hole known to Apple and patched in OSX a couple months ago, is already fixed in the 4.1 beta releases made in the past few weeks. Thats why jailbreakme.com does not work if you have 4.1 beta installed on your phone.
For anyone who is concerned about this vulnerability on thier non-jailbroken iPhone there is an easy fix to avoid someone hacking into your phone to be malicious and restricting their access to your device.
Solution
Jailbreak your device and then change the mobile and root password defaults from the standard apple password: alpine.
From my understanding, though, this isn't just about the official jailbreak. This exploit seemingly allows anything and anybody root access to a non-jailbroken iDevice, where bad things can and will happen. I agree that there will always be exploits, but downloading an installer and physically installing it yourself through a mac or pc is a lot different than going to a web site and "sliding to jailbreak". This is not a good thing, even if the end result in this instance is positive (a debate for another day).
I was replying to the "Proceed at your own risk!" comment, in the sense that this jailbreak method is no more dangerous than any other. In fact, assuming it works well, it is the easiest and most trouble-free jailbreak yet (though the can-o-worms introduced by adding more of those who are unfamiliar with jailbreaking to the jailbroken masses is another issue).
I assume you're commenting on the actual exploit.
This is a serious security flaw, and one that Apple absolutely does need to patch. It is possible that reverse-engineered or exchanged details of this exploit (a bogus font in PDF documents) will fall into the wrong capable hands, and that will lead to a real-world malicious hack. I highly doubt this will amount to any sort of real spreadable virus or threat, but it can lead to information loss through the likes of phishing schemes. In practice I suspect the most we will see of this is a proof-of-concept malicious hack or two, but little more. But more absolutely is possible and that's why this one needs to be plugged up—however cool it may be to jailbreak your device through a website.
But I disagree with you about one key point. Unless, of course, you mean 'experienced programmer with the desire, time, and reason to exploit the iOS platform' when you say 'anything and anybody'. A considerable degree of expertise will be required to do something with this (which isn't to say they're not out there—they are).
Quote:
Originally Posted by Prof. Peabody
They aren't doing anyone any favours. They could have easily released the jailbreak without releasing the scary, slick PDF vulnerability and used a more traditional wired method. Like almost all hackers everywhere, they just wanted to show off. With hacking it's all about ego and "cred," and pretty always has been.
Have to agree. They could have done this in a less dramatic and less threatening way. They chose to go with the website in a pure ego-driven 'look what we managed to do' approach. And sure enough, it is impressive, but it is not responsible or benevolent in any way. Also, along those lines, making a jailbreak this accessible isn't really doing anybody favors, as someone who couldn't manage the previous installable jailbreak tools would probably just back themselves into headaches or problems with a jailbreak anyway.
This is a serious issue, no one is denying that, and there will be other vulnerabilities found in iOS throughout the years that will just as bad, but Android is designed from the ground up to be insecure for the average user. That won?t change until Android changes.
There is a fundamental question here.... If you believe so much in the closed 'secure' walled garden of the iPhone then surely you also agree that computers would be so much better now, had the technology been there to stop people installing and sharing their own software with each other 20 years ago when the personal computer first took off.
In some ways its bloody brilliant that microsoft wiped the floor with apple in the early days because otherwise computing would be like 1984 with no freedom whatsoever.
Can you please explain why android is from the ground up insecure? Open source is not an answer, if anything open source is a benefit.
I was replying to the "Proceed at your own risk!" comment, in the sense that this jailbreak method is no more dangerous than any other. In fact, assuming it works well, it is the easiest and most trouble-free jailbreak yet (though the can-o-worms introduced by adding more of those who are unfamiliar with jailbreaking to the jailbroken masses is another issue).
I assume you're commenting on the actual exploit.
This is a serious security flaw, and one that Apple absolutely does need to patch. It is possible that reverse-engineered or exchanged details of this exploit (a bogus font in PDF documents) will fall into the wrong capable hands, and that will lead to a real-world malicious hack. I highly doubt this will amount to any sort of real spreadable virus or threat, but it can lead to information loss through the likes of phishing schemes. In practice I suspect the most we will see of this is a proof-of-concept malicious hack or two, but little more. But more absolutely is possible and that's why this one needs to be plugged up?however cool it may be to jailbreak your device through a website.
But I disagree with you about one key point. Unless, of course, you mean 'experienced programmer with the desire, time, and reason to exploit the iOS platform' when you say 'anything and anybody'. A considerable degree of expertise will be required to do something with this (which isn't to say they're not out there?they are).
Have to agree. They could have done this in a less dramatic and less threatening way. They chose to go with the website in a pure ego-driven 'look what we managed to do' approach. And sure enough, it is impressive, but it is not responsible or benevolent in any way. Also, along those lines, making a jailbreak this accessible isn't really doing anybody favors, as someone who couldn't manage the previous installable jailbreak tools would probably just back themselves into headaches or problems with a jailbreak anyway.
The code existed anyway.
By making it a PUBLIC release, they will force apple to patch it through faster.
Obviously Apple Insider and Charlie Miller have no idea what they are talking about when they refer to this as "Apple's" security infrasture. The Security infrastructure is provided by BSD/Mach which is FREEWARE code that crApple simply uses in Macs and iCrap.
The PDF engine in all crapple products was hacked together from Freeware code by the NeXT goofs years ago, and then they gave it to a couple of Film Studies dropouts from Kansas (john calhoun is one of them) who decided one day that they want to develop "software" for crApple and get $150,000 per year for it. This is a typical scenario in crApple and explains all the overhyped garbage that people are so upset about paying so much money for...they do not understand the freeware BSD/Mach and its security infrastructure, and that is why opening a PDF document executes code that completely breaches your device's security.
Opening a PDF document jailbreaks the device because crApple's dumb software executes code inside the PDF document which breaches the devices security. It's Apples fault for its lack of understanding of the Freeware BSD/Mach operating software that it uses.
So, Yes. Macs and iCrap are highly vulnerable to viruses and spyware, crApple is just lucky that no one has really taken full advantage of all the security holes because its not a worthwhile target.
By making it a PUBLIC release, they will force apple to patch it through faster.
Of course the code existed anyway. In other news, the sky is often blue.
What didn't exist before was such accessible knowledge of the exploit's existence.
The responsible thing to do would have been to contact Apple privately to advise them of the exploit before going public with it, so no users would have been potentially endangered. The far more irresponsible, but 'benevolent hacker-esque' response would have been to contact Apple and give them time to patch the exploit before going public with it. They didn't even live up to that standard...
question guys, have not read anything re this question anywhere
do you think Apple is not closing some security holes by purpose to leave a door open for the devteam ?
i mean, i am quite sure that Apple has some very clever and smart people, they should be able to close down the iOS if they really want ?!
we can observe that some USB security flaws are open in iOS3 and still in 4..... MS is doing a better job in patching their windows than Apple...
thanks for your opinions.
Greetings !
that's not what's happening at all. give credit where credit is due. hackers hack. the good ones do it really well. this is an example of exactly that.
I jailbroke my phone earlier today on my 3g connection away from home and didnt even restart my phone. I then downloaded My3G and placed a facetime call to someone else who was in the office on wifi. this is scary awesome.
Of course the code existed anyway. In other news, the sky is often blue.
What didn't exist before was such accessible knowledge of the exploit's existence.
The responsible thing to do would have been to contact Apple privately to advise them of the exploit before going public with it, so no users would have been potentially endangered. The far more irresponsible, but 'benevolent hacker-esque' response would have been to contact Apple and give them time to patch the exploit before going public with it. They didn't even live up to that standard...
Because apple knew about the exploit already. they already patched it out of OSx. The developers most likely got the idea to try this exploit from reading the change log from OSx and seeing which changes didn't make it to ios4.
Because apple knew about the exploit already. they already patched it out of OSx. The developers most likely got the idea to try this exploit from reading the change log from OSx and seeing which changes didn't make it to ios4.
Apple had time.
I've considered that the two might be the same exploit, but I haven't read enough to confirm that they were the exact same exploit. In any case, what is your point? That they were being responsible or benevolent? They weren't—they were showing off, and it could have been done another way.
I'm not actually upset about it. I'm going to use this to jailbreak my iPad. I hate the Spirit boot logo. I'm going to jailbreak my iPhone 4 with it as well. And I also happen to enjoy seeing such a skilled execution of an exploit or code. But I'm not going to defend their actions as responsible...
Edit: and while Apple patched that above-mentioned exploit in June, that is not a responsible timeframe.
What is "ironical" about @cdevwill's tweak, exactly? People want to modify their phones and be secure from random exploits.
.
What is ironic is how those hackers just try to hurt Apple, but this guy likes to pretend that he's there to help. People would do well to ignore this sort of "help" and to trust Apple instead.
Of course the code existed anyway. In other news, the sky is often blue.
What didn't exist before was such accessible knowledge of the exploit's existence.
The responsible thing to do would have been to contact Apple privately to advise them of the exploit before going public with it, so no users would have been potentially endangered. The far more irresponsible, but 'benevolent hacker-esque' response would have been to contact Apple and give them time to patch the exploit before going public with it. They didn't even live up to that standard...
Agreed. It should be a felony to knowingly release exploit code into the wild. EVER. For that matter, make it a capital offense.
All types of spammers, virus writers, and hackers who attack systems they don't own should be in jail. Period.
Comments
question guys, have not read anything re this question anywhere
do you think Apple is not closing some security holes by purpose to leave a door open for the devteam ?
i mean, i am quite sure that Apple has some very clever and smart people, they should be able to close down the iOS if they really want ?!
we can observe that some USB security flaws are open in iOS3 and still in 4..... MS is doing a better job in patching their windows than Apple...
thanks for your opinions.
Greetings !
If it was a leak in the code that you could get around by manually changing the code or something similar than it could be intentional.
But if you're talking an exploit that can be activated off of a website, I doubt it. I'm sure apple will update this and block it asap (as well they should, these kind of vulnerabilities are dangerous).
No code is hack proof, and all in all, I think the dev communities are good things. But web exploits are serious security risks, not "breadcrumbs" for dev teams.
I jailbroke as soon as I found out that PDF Loading Warner was available. Better to be safe than sorry if someone decides to create a malicious link that exploits this vulnerability.
Maybe Miller is the one responsible for the hack. He certainly has a gigantic anti-Apple chip on his shoulders for all to see.
This will probably get roundly dismissed as mere paranoia, but I think it's both interesting and highly suspicious that this hack is so far above what any other iPhone hackers have been able to do so far.
I mean we have to believe that somehow almost by accident, the typical iPhone hackers stumbled on this sublime and intricate attack vector, (something that only one of the best security hackers on the planet could figure out)??
It seems more likely to me that Charlie Miller or someone of similar calibre was involved at some level and that worries me.
The hole would exist if they released the code or not. by releasing it (and making it public) they will spur apple to close it sooner.
There are people working on a wired hack, no doubt, but if you get an easier way to hack it, they take it.
Jailbreaking a device takes time, and someone working at it won't ignore a security hole to try and find a more complex way to do it.
iOS has a community of MILLIONS of users, and attracts a majority of mobile programmers. Computer programmers know that mobile is the future and a lot of them might even OWN an iphone.
Jailbreaking will increasingly become more sophisticated as iOS security improves. That's the nature of software development.
And it's A LOT better that the first time his exploit hits the news it's for a jailbreak and not after someone uses the code to infect others (like activeX exploits in windows). It's worth noting that the same people you're writing off as malicious hackers are from the community that developed a "fix" for this exploit before it was officially acknowledged.
Maybe Miller is the one responsible for the hack. He certainly has a gigantic anti-Apple chip on his shoulders for all to see.
This will probably get roundly dismissed as mere paranoia, but I think it's both interesting and highly suspicious that this hack is so far above what any other iPhone hackers have been able to do so far.
I mean we have to believe that somehow almost by accident, the typical iPhone hackers stumbled on this sublime and intricate attack vector, (something that only one of the best security hackers on the planet could figure out)??
It seems more likely to me that Charlie Miller or someone of similar calibre was involved at some level and that worries me.
This font rendering security hole was patched in Mac OSX a couple months ago -- the fix did not make it to iOS4, and hence comex was able to use this hole there!! So easy he would have figured -- go to Apple security patches list, and see which fixes havent made it to iphone and attack!!
http://support.apple.com/kb/HT4131
I'm gonna go with the latter.
still think android is so so so much more vulnerable?
Ah... the old 1 vulnerability = countless vulnerabilities equivalency fallacy.
This is for sure a flaw, but an exception... as opposed to designing in vulnerability under the guise of 'openness'.
http://support.apple.com/kb/HT4131
Solution
Jailbreak your device and then change the mobile and root password defaults from the standard apple password: alpine.
From my understanding, though, this isn't just about the official jailbreak. This exploit seemingly allows anything and anybody root access to a non-jailbroken iDevice, where bad things can and will happen. I agree that there will always be exploits, but downloading an installer and physically installing it yourself through a mac or pc is a lot different than going to a web site and "sliding to jailbreak". This is not a good thing, even if the end result in this instance is positive (a debate for another day).
I was replying to the "Proceed at your own risk!" comment, in the sense that this jailbreak method is no more dangerous than any other. In fact, assuming it works well, it is the easiest and most trouble-free jailbreak yet (though the can-o-worms introduced by adding more of those who are unfamiliar with jailbreaking to the jailbroken masses is another issue).
I assume you're commenting on the actual exploit.
This is a serious security flaw, and one that Apple absolutely does need to patch. It is possible that reverse-engineered or exchanged details of this exploit (a bogus font in PDF documents) will fall into the wrong capable hands, and that will lead to a real-world malicious hack. I highly doubt this will amount to any sort of real spreadable virus or threat, but it can lead to information loss through the likes of phishing schemes. In practice I suspect the most we will see of this is a proof-of-concept malicious hack or two, but little more. But more absolutely is possible and that's why this one needs to be plugged up—however cool it may be to jailbreak your device through a website.
But I disagree with you about one key point. Unless, of course, you mean 'experienced programmer with the desire, time, and reason to exploit the iOS platform' when you say 'anything and anybody'. A considerable degree of expertise will be required to do something with this (which isn't to say they're not out there—they are).
They aren't doing anyone any favours. They could have easily released the jailbreak without releasing the scary, slick PDF vulnerability and used a more traditional wired method. Like almost all hackers everywhere, they just wanted to show off. With hacking it's all about ego and "cred," and pretty always has been.
Have to agree. They could have done this in a less dramatic and less threatening way. They chose to go with the website in a pure ego-driven 'look what we managed to do' approach. And sure enough, it is impressive, but it is not responsible or benevolent in any way. Also, along those lines, making a jailbreak this accessible isn't really doing anybody favors, as someone who couldn't manage the previous installable jailbreak tools would probably just back themselves into headaches or problems with a jailbreak anyway.
<rant from someone who needs to get a life>
Is there a way to ignore users/trolls?
This is a serious issue, no one is denying that, and there will be other vulnerabilities found in iOS throughout the years that will just as bad, but Android is designed from the ground up to be insecure for the average user. That won?t change until Android changes.
There is a fundamental question here.... If you believe so much in the closed 'secure' walled garden of the iPhone then surely you also agree that computers would be so much better now, had the technology been there to stop people installing and sharing their own software with each other 20 years ago when the personal computer first took off.
In some ways its bloody brilliant that microsoft wiped the floor with apple in the early days because otherwise computing would be like 1984 with no freedom whatsoever.
Can you please explain why android is from the ground up insecure? Open source is not an answer, if anything open source is a benefit.
I was replying to the "Proceed at your own risk!" comment, in the sense that this jailbreak method is no more dangerous than any other. In fact, assuming it works well, it is the easiest and most trouble-free jailbreak yet (though the can-o-worms introduced by adding more of those who are unfamiliar with jailbreaking to the jailbroken masses is another issue).
I assume you're commenting on the actual exploit.
This is a serious security flaw, and one that Apple absolutely does need to patch. It is possible that reverse-engineered or exchanged details of this exploit (a bogus font in PDF documents) will fall into the wrong capable hands, and that will lead to a real-world malicious hack. I highly doubt this will amount to any sort of real spreadable virus or threat, but it can lead to information loss through the likes of phishing schemes. In practice I suspect the most we will see of this is a proof-of-concept malicious hack or two, but little more. But more absolutely is possible and that's why this one needs to be plugged up?however cool it may be to jailbreak your device through a website.
But I disagree with you about one key point. Unless, of course, you mean 'experienced programmer with the desire, time, and reason to exploit the iOS platform' when you say 'anything and anybody'. A considerable degree of expertise will be required to do something with this (which isn't to say they're not out there?they are).
Have to agree. They could have done this in a less dramatic and less threatening way. They chose to go with the website in a pure ego-driven 'look what we managed to do' approach. And sure enough, it is impressive, but it is not responsible or benevolent in any way. Also, along those lines, making a jailbreak this accessible isn't really doing anybody favors, as someone who couldn't manage the previous installable jailbreak tools would probably just back themselves into headaches or problems with a jailbreak anyway.
The code existed anyway.
By making it a PUBLIC release, they will force apple to patch it through faster.
Obviously Apple Insider and Charlie Miller have no idea what they are talking about when they refer to this as "Apple's" security infrasture. The Security infrastructure is provided by BSD/Mach which is FREEWARE code that crApple simply uses in Macs and iCrap.
The PDF engine in all crapple products was hacked together from Freeware code by the NeXT goofs years ago, and then they gave it to a couple of Film Studies dropouts from Kansas (john calhoun is one of them) who decided one day that they want to develop "software" for crApple and get $150,000 per year for it. This is a typical scenario in crApple and explains all the overhyped garbage that people are so upset about paying so much money for...they do not understand the freeware BSD/Mach and its security infrastructure, and that is why opening a PDF document executes code that completely breaches your device's security.
Opening a PDF document jailbreaks the device because crApple's dumb software executes code inside the PDF document which breaches the devices security. It's Apples fault for its lack of understanding of the Freeware BSD/Mach operating software that it uses.
So, Yes. Macs and iCrap are highly vulnerable to viruses and spyware, crApple is just lucky that no one has really taken full advantage of all the security holes because its not a worthwhile target.
you registered to post that? congratulations!
The code existed anyway.
By making it a PUBLIC release, they will force apple to patch it through faster.
Of course the code existed anyway. In other news, the sky is often blue.
What didn't exist before was such accessible knowledge of the exploit's existence.
The responsible thing to do would have been to contact Apple privately to advise them of the exploit before going public with it, so no users would have been potentially endangered. The far more irresponsible, but 'benevolent hacker-esque' response would have been to contact Apple and give them time to patch the exploit before going public with it. They didn't even live up to that standard...
question guys, have not read anything re this question anywhere
do you think Apple is not closing some security holes by purpose to leave a door open for the devteam ?
i mean, i am quite sure that Apple has some very clever and smart people, they should be able to close down the iOS if they really want ?!
we can observe that some USB security flaws are open in iOS3 and still in 4..... MS is doing a better job in patching their windows than Apple...
thanks for your opinions.
Greetings !
that's not what's happening at all. give credit where credit is due. hackers hack. the good ones do it really well. this is an example of exactly that.
I jailbroke my phone earlier today on my 3g connection away from home and didnt even restart my phone. I then downloaded My3G and placed a facetime call to someone else who was in the office on wifi. this is scary awesome.
Of course the code existed anyway. In other news, the sky is often blue.
What didn't exist before was such accessible knowledge of the exploit's existence.
The responsible thing to do would have been to contact Apple privately to advise them of the exploit before going public with it, so no users would have been potentially endangered. The far more irresponsible, but 'benevolent hacker-esque' response would have been to contact Apple and give them time to patch the exploit before going public with it. They didn't even live up to that standard...
Because apple knew about the exploit already. they already patched it out of OSx. The developers most likely got the idea to try this exploit from reading the change log from OSx and seeing which changes didn't make it to ios4.
Apple had time.
Because apple knew about the exploit already. they already patched it out of OSx. The developers most likely got the idea to try this exploit from reading the change log from OSx and seeing which changes didn't make it to ios4.
Apple had time.
I've considered that the two might be the same exploit, but I haven't read enough to confirm that they were the exact same exploit. In any case, what is your point? That they were being responsible or benevolent? They weren't—they were showing off, and it could have been done another way.
I'm not actually upset about it. I'm going to use this to jailbreak my iPad. I hate the Spirit boot logo. I'm going to jailbreak my iPhone 4 with it as well. And I also happen to enjoy seeing such a skilled execution of an exploit or code. But I'm not going to defend their actions as responsible...
Edit: and while Apple patched that above-mentioned exploit in June, that is not a responsible timeframe.
"Scary how it totally defeats Apple's security architecture."
Another offensive campaign from the expert.
do you think Apple is not closing some security holes by purpose to leave a door open for the devteam ?
!
That would be the greatest thing I've ever heard! Kudos, Apple!
Those hackers will never learn...
What is "ironical" about @cdevwill's tweak, exactly? People want to modify their phones and be secure from random exploits.
.
What is ironic is how those hackers just try to hurt Apple, but this guy likes to pretend that he's there to help. People would do well to ignore this sort of "help" and to trust Apple instead.
Of course the code existed anyway. In other news, the sky is often blue.
What didn't exist before was such accessible knowledge of the exploit's existence.
The responsible thing to do would have been to contact Apple privately to advise them of the exploit before going public with it, so no users would have been potentially endangered. The far more irresponsible, but 'benevolent hacker-esque' response would have been to contact Apple and give them time to patch the exploit before going public with it. They didn't even live up to that standard...
Agreed. It should be a felony to knowingly release exploit code into the wild. EVER. For that matter, make it a capital offense.
All types of spammers, virus writers, and hackers who attack systems they don't own should be in jail. Period.