iOS 4 Jailbreak Method Brings Security Concerns [Updated]
There is renewed concern today over iOS security after a website-based jailbreaking tool was released for iOS 4 for iPhone and iPod touch and iOS 3.2 for iPad.
While the jailbreak appears to be a relatively benevolent attack against a security hole in iOS, concern remains that there is a yet-unpatched and largely unidentified security vulnerability in iOS that hackers could use in a similar way to remotely plant malware on an unsuspecting victim's device.
Multiple reports suggest that the jailbreak method attacks a flaw in the iOS PDF viewer in order to gain access to the device, however the principal developer of the project "comex" writes via his Twitter account that he is wondering "how long until someone figures out the actual bug I'm exploiting."
A similar jailbreak method was devised for iPhone OS 1.1.1, where developers even fixed the targeted bug after the jailbreak was complete.
Update: More technical details have emerged regarding the security hole that is being exploited in order for the jailbreak to be performed. The remote website presents a PDF that has a specifically crafted font embedded, and it is the processing of the embedded font that has the security issue. Interestingly, Apple had fixed a very similar issue in MacOS with Security Update 2010-003.
Top Rated Comments
(View all)
20 months ago
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
20 months ago
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm
20 months ago
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
20 months ago
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
20 months ago
huh?
Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)
20 months ago
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.
it's really simple, don't break Apple rules. :)
So owning an iPhone is "breaking Apple rules" now?
What?
20 months ago
What do you expect to happen when you break Apple rules.
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
20 months ago
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
People who have jail broken devices do so by there own actions, this isn't Apples fault, the user shouldn't jailbreak there device, period. ;)
20 months ago
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.
People said the same thing when the first web-based iPhone jailbreak came out.
Apple will also patch this with the next software update.
[ Read All Comments ]
Analytics firm Chitika today released a report showing that by its metrics iOS has now surpassed OS X in overall web traffic share in the United States. Chitika's methodology involves an analysis...
One of the most frequent reasons for an iPhone to go on a trip to the Apple Store's Genius Bar is because of water damage. Typically, a water damaged iPhone can be replaced for a flat $199...
TheVerge's Joshua Topolsky summarizes the iPad 3 casing findings reported earlier today, but also adds his own sources regarding some details of the iPad 3.
Image from RepairLabs
As...
Last July, Apple discontinued the white MacBook from its consumer lineup, pushing consumers toward the company's popular MacBook Air line or the 13-inch MacBook Pro. The company didn't kill...
Popular iPhone Twitter client Tweetbot has finally arrived on the iPad, with a user interface instantly familiar to any current Tweetbot user. Designed for the Twitter power-user, Tweetbot packs a...
