Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,280
30,341



Earlier this week, the browser-based JailbreakMe.com solution went live once again, bringing a simple new method to jailbreak a number of iOS devices including the iPad 2. The tool has proven popular, with over one million users already having taken advantage of it.

jailbreakme_crop.jpg



Similar to earlier browser-based jailbreak mechanisms, the latest version takes advantage of a flaw in the way Safari handles PDF files, a vulnerability that could also be exploited by malicious parties. Consequently, it had been expected that Apple would move relatively quickly to patch the hole once it was revealed by the jailbreak procedure.

According to the Associated Press, Apple has indeed confirmed that it will be patching the hole in a future software update, but declined to provide a timeframe for the release of the update.
Apple Inc. spokeswoman Bethan Lloyd said Thursday the company is "aware of this reported issue and developing a fix that will be available to customers in an upcoming software update."

She declined to specify when the update would be available.
Apple's statement comes after Germany's information technology security agency issued an explicit warning about the "critical weaknesses" in iOS that could result in malware being deployed through infected PDF files.

Fully aware of the potential implications of malware authors exploiting the hole, the jailbreak community has already developed a fix for the issue, which was released into the Cydia Store for jailbroken devices alongside the new technique. Users who have jailbroken their devices, even through the new JailbreakMe.com technique, can thus patch the vulnerability, while non-jailbroken devices will have to wait for Apple's solution to be released.

Article Link: Apple to Patch Latest Jailbreak Hole in Upcoming Software Update
 

justgeig

macrumors member
May 17, 2010
34
13
I'm all for jailbreakers and jailbreaking. Done it myself a few times.

Does this not put people who choose to not jailbreak into a potential security risk until Apple patches the now exposed security hole? Malicious code writers are now aware of a hole that millions of iOS devices have and the users are powerless to close it unless they choose to jailbreak and install the patch from Cydia.

Just sayin'
 

840quadra

Moderator
Staff member
Feb 1, 2005
9,254
5,966
Twin Cities Minnesota
A tradeoff of sorts. Not great for those wanting to jailbreak, but good for security.

This is good as it will likely close the security hole, hopefully before someone with more nefarious intentions use it for other wrongdoing.
 

brucku

macrumors regular
Jun 19, 2003
193
20
what is the name of the cydia app that patches the door after going through it?

Nevermind, Edit: Its called PDF Patcher 2
 

locust76

macrumors 6502a
Jan 23, 2009
688
90
Jailbroke my iPad 2 today, worked too damn well... then I looked around in Cydia and couldn't find anything I wanted that wasn't already coming for free in iOS 5... Guess I'll wait for 4.3.4 to get rid of the jailbreak and Cydia...
 

vartanarsen

macrumors 6502a
Jul 2, 2010
712
307
its funny...i jailbroke my iPad and iPhone yesterday for that very reason, to patch the hole....cannot wait for an apple update to patch such a weakness.

Its ironic, i havent downloaded any cydia apps except for Patcher 2 which i finally found.
 

klamse25

macrumors 6502a
Oct 25, 2009
610
6
Makes me wonder... Do the people at Apple actually use Jailbreakme and other jailbreak related tools in order to find the exploit? They must...
 

2 Owls

macrumors regular
Jul 26, 2010
222
0
My jailbreak lasted a day, didn't see the point to be honest, from the fuss over it.
 

fletch33

macrumors regular
Dec 11, 2008
236
1
Under a Rug
Apple Inc. spokeswoman Bethan Lloyd said Thursday the company is "aware of this reported issue and developing a fix that will be available to customers in an upcoming software update."

She declined to specify when the update would be available.

hahaha. please hurry as over 1 million people so far are so wanting this to be fixed lol
 

notjustjay

macrumors 603
Sep 19, 2003
6,056
167
Canada, eh?
I've always found it amusing how people get all defensive about how super-secure Apple iOS products are -- the same people who get super-excited about jailbreaking their devices, and who get upset when Apple fixes the vulnerability and disables the jailbreak. Yes, let's take advantage of a gaping security flaw, and boo on Apple for fixing it!

Edit: Case in point, the post right below me... what, you don't want this gaping security flaw fixed?
 
Last edited:

Winni

macrumors 68040
Oct 15, 2008
3,207
1,196
Germany.
Another confirmation why it was a good thing for me to switch to Android. I have apps on my Galaxy S2 that I even use for work that Apple had banned from their App Store (e.g. WiFi Analyzer). It's ridiculous that you have to jailbreak a phone to get useful software on it. It's a non-issue in Android land.

And please don't come with some safety nonsense arguments. For those of you who can read German, here is what the German BSI has to say about the security of iOS:

https://www.bsi.bund.de/ContentBSI/...lle-im-Apple-Betriebssystem-iOS-06072011.html

So, no, iOS is by NO MEANS safer just because Apple cripples your experience. The mere fact that you can jailbreak iOS by simply visiting a website already negates that argument.
 

powers74

macrumors 68000
Aug 18, 2008
1,861
16
At the bend in the river
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

In other news -

Prisons across the nation are trying to keep inmates from escaping...

But actually, I appreciate the jailbreakers for both giving those who are willing to go through the process added functionality, and also exposing flaws in the OS which ultimately makes it more secure. And also challenges Apple to add features that the jailbreakers introduce. Win win really.
 

Elijahg

macrumors 6502
May 23, 2005
269
174
Bath, UK
For some reason whenever I've jailbroken an iOS device in the past, even when just installing one of two apps or changing a few unimportant things, the battery life seems to really drop off, and things eventually become really sluggish.

The same happened with my iPad 2, after I jailbroke it, I was just browsing Cydia but it ended up getting really warm and munching through the battery. Perhaps the apps for jailbroken devices aren't efficiently coded, or maybe there's some kind of anti-jailbreak thing Apple's put in the kernel to sap away batteries on jailbroken devices.

I couldn't find anything useful in Cydia, so I ended up restoring back to a non-jailbroken device. As others have mentioned, most of the useful features you could get by jailbreaking have been included in the OS now anyway.
 

IBradMac

macrumors 68000
Jun 27, 2008
1,799
2
Ohio
Either apples security sucks, or the jailbreak code developers are that good. They seem to find a fair amount of holes in safari.app. That's 2 userland jailbreak's in 4.X.

Btw- I'm not complaining. :D
 

pmz

macrumors 68000
Nov 18, 2009
1,949
0
NJ
Apple can work fast when patching stupid JB holes, but we're still stuck with buggy-as-hell beta 2 for iOS 5 after a month.

Where the hell is beta 3, Apple?????
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.