iOS 4 Jailbreak Method Brings Security Concerns [Updated]
There is renewed concern today over iOS security after a website-based jailbreaking tool was released for iOS 4 for iPhone and iPod touch and iOS 3.2 for iPad.
While the jailbreak appears to be a relatively benevolent attack against a security hole in iOS, concern remains that there is a yet-unpatched and largely unidentified security vulnerability in iOS that hackers could use in a similar way to remotely plant malware on an unsuspecting victim's device.
Multiple reports suggest that the jailbreak method attacks a flaw in the iOS PDF viewer in order to gain access to the device, however the principal developer of the project "comex" writes via his Twitter account that he is wondering "how long until someone figures out the actual bug I'm exploiting."
A similar jailbreak method was devised for iPhone OS 1.1.1, where developers even fixed the targeted bug after the jailbreak was complete.
Update: More technical details have emerged regarding the security hole that is being exploited in order for the jailbreak to be performed. The remote website presents a PDF that has a specifically crafted font embedded, and it is the processing of the embedded font that has the security issue. Interestingly, Apple had fixed a very similar issue in MacOS with Security Update 2010-003.
Top Rated Comments
(View all)
24 months ago
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
24 months ago
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm
24 months ago
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
24 months ago
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
24 months ago
huh?
Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)
24 months ago
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.
it's really simple, don't break Apple rules. :)
So owning an iPhone is "breaking Apple rules" now?
What?
24 months ago
What do you expect to happen when you break Apple rules.
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
24 months ago
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
People who have jail broken devices do so by there own actions, this isn't Apples fault, the user shouldn't jailbreak there device, period. ;)
24 months ago
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.
People said the same thing when the first web-based iPhone jailbreak came out.
Apple will also patch this with the next software update.
[ Read All Comments ]
Our sister-site TouchArcade notes that Chillingo's excellent physics puzzler Feed Me Oil is free today for both the iPhone and iPad. It's normally $0.99 for iPhone and $1.99 for iPad....
Several years ago, Comcast began instituting bandwidth caps of 250GB per month on its residential customers. In 2008, this was plenty for most customers, but with the advent of streaming video...
Reuters reports that China Mobile Chairman Xi Guohua has once again publicly stated that the world's largest mobile phone carrier is engaged in talks with Apple about offering the iPhone to its...
Apple has filed a motion to dismiss in a case filed by customers over alleged misleading advertising depicting the Siri technology in the iPhone 4S. The lawsuit, filed in March, alleges that...
The American Customer Satisfaction Index (ASCI) today released its latest rankings of customer satisfaction in the United States for mobile phones and a number of products and services, with the new...
