iPhone/iPod Touch 1.1.1 Jailbreak Complete, Security Ramifications [Update]
Engadget's Ryan Block has confirmed that a beta test of the latest jailbreak method for the 1.1.1 firmware of the iPhone and iPod touch works.
The current method uses a vulnerability in 1.1.1's mobile Safari to gain root access to the device. Currently, this is the only method available to jailbreak an already upgraded iPhone or iPod Touch, as previous methods relied on firmware 1.0.2 still being available.
While the developers are using the Safari vulnerability for somewhat benevolent purposes, it does raise a potential security issue for users. The vulnerability lies in mobile Safari's handling of TIFF images, where viewing a malformed TIFF image allows root access to the device.
While the jailbreak is now complete from all angles, it still does not mean that the methods are ready for adoption by general users. We will consider it ready when Installer.app (or equivalent) is updated for the latest firmware.
Update: The jailbreak has been released but no step-by-step tutorial is yet available.
Ongoing iPhone coverage at macrumors.com/iPhone
Top Rated Comments
57 months ago
Woot! Sort of. Well, I def. consider this good news :)
edit: does anybody know what this means for iPhone AT&Tless activation? I've been waiting to buy an iPhone until the thing can be activated without AT&T service....
57 months ago
The problem is that this is easily "fixable" by Apple AND they can legitimately say it's for security purposes
57 months ago
I haven't installed jailbreak before, but I'm planning to once Installer.app is available. I can't wait.
57 months ago
so much for OS X security.... :rolleyes:
I'd rather have a secure web browser and some decent Apple-approved applications, than install this.
57 months ago
This will certainly be fixed in 1.1.2, and not to frustrate the iPhoneDevTeam but because it's an actual security issue. Then what? Without the key to decrypt the frameworks, 1.1.2 will break all of the apps developed here, again, not because Apple wants to frustrate hackers but because they are continuing to change/develop the API.
57 months ago
so much for OS X security.... :rolleyes:
I'd rather have a secure web browser and some decent Apple-approved applications, than install this.
As much as some people don't like the iPhone Dev team and don't want to actually install the 3rd party apps they develop, you have to say this about them... they find Apple's bugs :)
57 months ago
Yep, this is certainly a very temporary situation. It would be impossible to imagine Apple won't close this hole, since it is a security issue.
If I had time, I'd explore how a malformed TIFF could gain you root access. Anybody have a 3 sentence summary?
Edit: Someone said "Apple Approved" applications. Why does Apple have to approve them? They don't for regular Mac applications, thank god. If all apps have to go through some certification scheme, we'll be limited to what we get. In the end, don't install shady apps from shady people (like always) and you'll be fine!
57 months ago
This is all good and well, but now we KNOW Apple will fix this in their next update as it is a security vulnerability. In fact, now that it has been brought to light I wouldn't be surprised to see a security update in the next couple of days. Sure, you don't have to install it, but all new iPhones and Touches will already not be able to use this method.
Just seems to be like a whole lot of effort and time going into something that is becoming progressively easier to brick wall.
57 months ago
I don't understand how people could install this, knowing full well that the next firmware update will make their device unusable.
Correct me if I'm wrong, but won't your iPhones all "brick" once Apple fixes this problem and releases the next firmware?