Old Oct 10, 2007, 10:21 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
1.1.1 Jailbreak Complete, Security Ramifications



Engadget's Ryan Block has confirmed that a beta test of the latest jailbreak method for the 1.1.1 firmware of the iPhone and iPod touch works.

The current method uses a vulnerability in 1.1.1's mobile Safari to gain root access to the device. Currently, this is the only method available to jailbreak an already upgraded iPhone or iPod Touch, as previous methods relied on firmware 1.0.2 still being available.

While the developers are using the Safari vulnerability for somewhat benevolent purposes, it does raise a potential security issue for users. The vulnerability lies in mobile Safari's handling of TIFF images, where viewing a malformed TIFF image allows root access to the device.

While the jailbreak is now complete from all angles, it still does not mean that the methods are ready for adoption by general users. We will consider it ready when Installer.app (or equivalent) is updated for the latest firmware.


Last edited by longofest : Oct 10, 2007 at 10:31 AM.
Old Oct 10, 2007, 10:23 AM   #2
shoelessone
macrumors 6502
 
Join Date: Jul 2007
Woot! Sort of. Well, I def. consider this good news


edit: does anybody know what this means for iPhone AT&Tless activation? I've been waiting to buy an iPhone until the thing can be activated without AT&T service....
__________________
My switcher blog, and a source for first time OSX user:
http://switch.shoelessone.com
Old Oct 10, 2007, 10:26 AM   #3
lozanoj83
macrumors 6502
 
Join Date: Mar 2006
Location: SoCal
Applications here we come!
__________________
Unibody MacBook Pro, 2.8 GHz, 4GB RAM, 500 GB
FreeAgent Desktop 500GB
FreeAgent Go 250GB
Time Machine, Seagate 320GB
Old Oct 10, 2007, 10:26 AM   #4
JonHimself
macrumors 65816
 
Join Date: Nov 2004
Location: Toronto, Ontario
The problem is that this is easily "fixable" by Apple AND they can legitimately say it's for security purposes
__________________
Yes I have a bunch of cool stuff, but no I don't feel the need to brag about it
Old Oct 10, 2007, 10:26 AM   #5
fanbrain
macrumors regular
 
Join Date: Jan 2005
Location: So. UT
I haven't installed jailbreak before, but I'm planning to once Installer.app is available. I can't wait.
__________________
Keeping Apple debt-free since 1983.
Old Oct 10, 2007, 10:27 AM   #6
matthewHUB
macrumors 6502
 
Join Date: Nov 2005
so much for OS X security....

I'd rather have a secure web browser and some decent Apple-approved applications, than install this.
__________________
Macbook Air 1.8 SSD; Powerbook 12" 1Ghz; iPhone 8gb 2.1 (t-mobile); iPod Nano 8gb (red); AEBS, Airport Express; WD Passport 320gb (airdisk)
Old Oct 10, 2007, 10:28 AM   #7
dscottbuch
macrumors member
 
Join Date: Mar 2002
Not really good news

This will certainly be fixed in 1.1.2, and not to frustrate the iPhoneDevTeam but because it's an actual security issue. Then what? Without the key to decrypt the frameworks then 1.1.2 will break all of the apps developed here, again, not because Apple wants to frustrate hackers but because they are continuing to change/develop the API.
Old Oct 10, 2007, 10:28 AM   #8
longofest
Demi-God (Editor)
 
Join Date: Jul 2003
Location: Falls Church, VA
Quote:
Originally Posted by matthewHUB View Post
so much for OS X security....

I'd rather have a secure web browser and some decent Apple-approved applications, than install this.
As much as some people don't like the iPhone Dev team and don't want to actually install the 3rd party apps they develop, you have to say this about them... they find Apple's bugs
Old Oct 10, 2007, 10:29 AM   #9
mainstreetmark
macrumors 68000
 
Join Date: May 2003
Location: Saint Augustine, FL
Yep, this is certainly a very temporary situation. It would be impossible to imagine Apple won't close this hole, since it is a security issue.

If I had time, I'd explore how a malformed TIFF could gain you root access. Anybody have a 3 sentence summary?

Edit: Someone said "Apple Approved" applications. Why does Apple have to approve them? They don't for regular Mac applications, thank god. If all apps have to go through some certification scheme, we'll be limited to what we get. In the end, don't install shady apps from shady people (like always) and you'll be fine!
__________________
iTunesRegistry.com <-- v3.0 Now Playing
Old Oct 10, 2007, 10:30 AM   #10
dvkid
macrumors regular
 
Join Date: Feb 2006
This is all good and well, but now we KNOW Apple will fix this in their next update as it is a security vulnerability. In fact, now that it has been brought to light I wouldn't be surprised to see a security update in the next couple of days. Sure, you don't have to install it, but all new iPhones and Touches will already not be able to use this method.

Just seems to be like a whole lot of effort and time going into something that is becoming progressively easier to brick wall.
Old Oct 10, 2007, 10:32 AM   #11
Yateball
macrumors regular
 
Join Date: Jul 2007
I don't understand how people could install this, knowing full well that the next firmware update will make their device unusable.

Correct me if I'm wrong but won't your iphones all "brick" once apple fixes this problem and releases the next firmware?
__________________
iMac 20" Core 2 Duo (256mb Graphics Card & 2GB RAM Upgrades)
Macbook Core 2 Duo
iPod Video 5.5g 80gb (With iPod Linux)
iPod Shuffle 1st gen (eww)
Old Oct 10, 2007, 10:33 AM   #12
xelphy
macrumors newbie
 
Join Date: Jul 2007
What about unlocked 1.0.2 iPhones?

I unlocked mine, and it is still 1.0.2 (as I fear that upgrading to 1.1.1 will brick it!) --

Is anyone else in this situation? I mean I love having it unlocked and with all the apps, but sure I'd like to have my cake and eat it too (unlocked/apps, AND 1.1.1)...

Thanks!
Old Oct 10, 2007, 10:36 AM   #13
Greydog
macrumors newbie
 
Join Date: Mar 2004
Quote:
Originally Posted by Yateball View Post
I don't understand how people could install this, knowing full well that the next firmware update will make their device unusable.

Correct me if I'm wrong but won't your iphones all "brick" once apple fixes this problem and releases the next firmware?
Because one would imagine that once you jailbreak it, you wouldn't be foolhardy enough to upgrade the firmware to 1.1.2 and re-lock it again.
Old Oct 10, 2007, 10:36 AM   #14
longofest
Demi-God (Editor)
 
Join Date: Jul 2003
Location: Falls Church, VA
Quote:
Originally Posted by Yateball View Post
I don't understand how people could install this, knowing full well that the next firmware update will make their device unusable.

Correct me if I'm wrong but won't your iphones all "brick" once apple fixes this problem and releases the next firmware?
Not necessarily... I had 3rd party applications installed on my iPhone before 1.1.1. I updated, and all that happened was Apple removed the applications.

The people who got "bricked" were people who used the 3rd party unlocks. Unlocking is a subset of a jailbreak, if you will. Jailbreaking comes first... it allows developers of all sorts to write applications. Then, unlockers (those who want to unlock the phone to run on any network) write specific applications that will unlock the phone.

Some of those unlocking applications ended up bricking the iPhone when 1.1.1 was applied.
Old Oct 10, 2007, 10:40 AM   #15
bdj21ya
macrumors 6502a
 
Join Date: Sep 2006
From what NerveGas is saying on the dev channel, Niacin is not part of the dev team, and the dev team has their own jailbreak that does NOT rely on the tiff exploit. I'm planning on waiting for the dev team to come out with their solution, even though they aren't doing as well at getting the word out.
Old Oct 10, 2007, 10:40 AM   #16
sblasl
macrumors 6502a
 
Join Date: Apr 2004
Location: Heber Springs, AR
You have obviously made a decision to remain in the past. This appears to be the only way to move forward and it is basically on a course of disaster if you so choose to embark on it. I certainly would not.

Quote:
Originally Posted by xelphy View Post
I unlocked mine, and it is still 1.0.2 (as I fear that upgrading to 1.1.1 will brick it!) --

Is anyone else in this situation? I mean I love having it unlocked and with all the apps, but sure I'd like to have my cake and eat it too (unlocked/apps, AND 1.1.1)...

Thanks!
__________________
Pardon Multimedia - please give MM another chance!
Old Oct 10, 2007, 10:43 AM   #17
bdj21ya
macrumors 6502a
 
Join Date: Sep 2006
Quote:
Originally Posted by dscottbuch View Post
This will certainly be fixed in 1.1.2, and not to frustrate the iPhoneDevTeam but because it's an actual security issue. Then what? Without the key to decrypt the frameworks then 1.1.2 will break all of the apps developed here, again, not because Apple wants to frustrate hackers but because they are continuing to change/develop the API.
So just to be clear, Niacin is not on the dev team, and the dev team does reportedly have their own jailbreak, not relying on the tiff exploit.

I hope that the News mods will research this and post an update to this article so we can all avoid confusion.
Old Oct 10, 2007, 10:44 AM   #18
sblasl
macrumors 6502a
 
Join Date: Apr 2004
Location: Heber Springs, AR
Looks Like There Is Trouble in Paradise

Looks like there is trouble in paradise, First signs of a schism in the iPhone dev community:

http://www.tuaw.com/2007/10/10/first...dev-community/



Quote:
Originally Posted by bdj21ya View Post
From what NerveGas is saying on the dev channel, Niacin is not part of the dev team, and the dev team has their own jailbreak that does NOT rely on the tiff exploit. I'm planning on waiting for the dev team to come out with their solution, even though they aren't doing as well at getting the word out.
__________________
Pardon Multimedia - please give MM another chance!
Old Oct 10, 2007, 10:48 AM   #19
ASTRX
macrumors newbie
 
Join Date: Oct 2007
Quote:
Originally Posted by mainstreetmark View Post
Yep, this is certainly a very temporary situation. It would be impossible to imagine Apple won't close this hole, since it is a security issue.

If I had time, I'd explore how a malformed TIFF could gain you root access. Anybody have a 3 sentence summary?

Edit: Someone said "Apple Approved" applications. Why does Apple have to approve them? They don't for regular Mac applications, thank god. If all apps have to go through some certification scheme, we'll be limited to what we get. In the end, don't install shady apps from shady people (like always) and you'll be fine!
I'm not 100% on this, but basically, when Safari loads the TIFF it places it in the memory heap. Executable instructions are actually allowed to be run from the heap. This means that if the TIFF contains "malicious" code, and the hacker is able to direct the program execution to an address in the heap, the malicious code will be executed. So basically the problem for the hackers has been to redirect the program counter to an address in the heap, which was a bit tricky due to the return address being stored in a dedicated register.

Someone please correct me if I'm wrong.
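Added example, not part of any post in this thread and not Apple's or any project's code: the kind of check an image loader can run on an untrusted TIFF before decoding it. The thread does not say which field of the file is malformed, so this assumes the general case where a directory entry declares more data than the file holds; the function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (names are this example's own). */
enum tiff_check { TIFF_OK, TIFF_BAD_HEADER, TIFF_BAD_IFD, TIFF_BAD_TYPE, TIFF_BAD_RANGE };

/* Read an n-byte (2 or 4) unsigned integer in the file's byte order. */
static uint32_t rd(const uint8_t *p, int n, int big)
{
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (big ? n - 1 - i : i));
    return v;
}

/* Bytes per value for TIFF 6.0 field types 1..12 (index 0 is unused). */
static const uint8_t TYPE_SIZE[13] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };

/* Validate the header and first image file directory (IFD) of a buffer. */
enum tiff_check tiff_check_first_ifd(const uint8_t *buf, size_t len)
{
    if (len < 8) return TIFF_BAD_HEADER;
    int big;
    if (buf[0] == 'I' && buf[1] == 'I') big = 0;        /* little-endian */
    else if (buf[0] == 'M' && buf[1] == 'M') big = 1;   /* big-endian */
    else return TIFF_BAD_HEADER;
    if (rd(buf + 2, 2, big) != 42) return TIFF_BAD_HEADER;

    uint64_t ifd = rd(buf + 4, 4, big);
    if (ifd < 8 || ifd + 2 > len) return TIFF_BAD_IFD;
    uint64_t n = rd(buf + ifd, 2, big);                 /* number of 12-byte entries */
    if (ifd + 2 + n * 12 + 4 > len) return TIFF_BAD_IFD;

    for (uint64_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + i * 12;
        uint32_t type = rd(e + 2, 2, big);
        uint64_t count = rd(e + 4, 4, big);
        if (type < 1 || type > 12) return TIFF_BAD_TYPE;   /* strict: reject unknown types */
        uint64_t bytes = count * TYPE_SIZE[type];          /* 64-bit product cannot wrap */
        if (bytes <= 4) continue;                          /* value is stored inline */
        uint64_t off = rd(e + 8, 4, big);
        if (off > len || bytes > len - off) return TIFF_BAD_RANGE;
    }
    return TIFF_OK;
}

/* Constructed samples: one ImageWidth entry; one ASCII entry claiming 4096 bytes. */
static const uint8_t SAMPLE_OK[26] = { 'I','I',42,0, 8,0,0,0, 1,0,
    0x00,0x01, 3,0, 1,0,0,0, 16,0,0,0, 0,0,0,0 };
static const uint8_t SAMPLE_BAD[26] = { 'I','I',42,0, 8,0,0,0, 1,0,
    0x0E,0x01, 2,0, 0,0x10,0,0, 26,0,0,0, 0,0,0,0 };

int main(void)
{
    printf("well-formed: %d\n", tiff_check_first_ifd(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("malformed:   %d\n", tiff_check_first_ifd(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

Passing this check only shows that the file is self-consistent; a decoder still has to compare each count with the size of the buffer it copies into.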
Old Oct 10, 2007, 10:49 AM   #20
appleisbetter
macrumors newbie
 
Join Date: Oct 2007
Location: Toronto
iPhone Sadness

Is it just me, or is the whole point to an iPhone/Apple Product supposed to be simplicity? I am in Canada, the land of gay marriage and Weed. It is also the land of Rogers and therefore years behind the USA. I expect I will never live to see the day I can get an iPhone here with a fair monthly rate, and at a fair price. The dollar is at par and I want to get one in the USA and bring it up here, but I feel at the end of the day having an iPhone in Canada is more trouble than it is worth. Having an iPhone unlocked seems to be more of a headache than it is worth. I am ready to just give up on the iPhone in Canada, and smoke my pain away. :-(
Old Oct 10, 2007, 10:51 AM   #21
plumbingandtech
macrumors 68000
 
Join Date: Jun 2007
Quote:
The current method uses a vulnerability in 1.1.1's mobile Safari to gain root access to the device.
Let's all get the facts straight.

When 1.1.2 comes out and fixes this SECURITY HOLE.... apple is NOT being greedy or evil towards 3rd party apps.

Of course I expect few to remember this and complain, but we now see as I and others have said, apple fixes security holes to make the iPhone safer.

And as a result, many or most 3rd party hacks based on this security hole will fail.

Don't like this?

Don't hack your phone. Because this is going to be an endless cycle for the time being.
Old Oct 10, 2007, 10:52 AM   #22
Yateball
macrumors regular
 
Join Date: Jul 2007
Quote:
Originally Posted by longofest View Post
Not necessarily... I had 3rd party applications installed on my iPhone before 1.1.1. I updated, and all that happened was Apple removed the applications.

The people who got "bricked" were people who used the 3rd party unlocks. Unlocking is a subset of a jailbreak, if you will. Jailbreaking comes first... it allows developers of all sorts to write applications. Then, unlockers (those who want to unlock the phone to run on any network) write specific applications that will unlock the phone.

Some of those unlocking applications ended up bricking the iPhone when 1.1.1 was applied.
Very informative, I thought apple was "bricking" anyone with 3rd party.... anything.... on their iphone.

Thanks for the info
__________________
iMac 20" Core 2 Duo (256mb Graphics Card & 2GB RAM Upgrades)
Macbook Core 2 Duo
iPod Video 5.5g 80gb (With iPod Linux)
iPod Shuffle 1st gen (eww)
Old Oct 10, 2007, 10:58 AM   #23
benpatient
macrumors 65816
 
Join Date: Nov 2003
So why are threads about running OS X on a PC closed down on this forum when open discussion of hacking is encouraged on the front page of mr.c on a regular basis? "but it's OK, cause it's the iphone and exempt from the rulz!"

Don't get me wrong, I think it is fine to discuss things like this. I just think it stinks that the moderators crack down on "inappropriate" content when someone is talking about violating a software license or getting around copy protection, etc, and then encouraging the exact same things with the iphone. This is MAC rumors, not iPHONE rumors. Maybe start a new site and put a big link at the top of mr.c pointing people towards iphonerumors.com if that's what they want, then relegate iphone conversations to a forum area inside the "Apple hardware" section of the forums list instead of on top of that section in its own section.

The iphone is cool. But I use OS X every day and I want to know about that, not about stupid pointless hacking of safari TIFF files on the iphone. It isn't like this hack will last.

/rant
Old Oct 10, 2007, 11:04 AM   #24
DaBrain
macrumors 6502a
 
Join Date: Feb 2007
Location: ERIE, PA
Quote:
Originally Posted by JonHimself View Post
The problem is that this is easily "fixable" by Apple AND they can legitimately say it's for security purposes
Yeah I agree! I don't get all the Hype on this! I can see it now. People install a bunch of Apps on their iPhone and iPod Touch and several weeks later Apple puts out an irresistible update and Wham all the crying begins again! It's like people are a glutton for self-punishment! A never ending cycle!

Until Apple puts out an SDK I for one would not want to play this game! Good Luck All!
Old Oct 10, 2007, 11:09 AM   #25
bdj21ya
macrumors 6502a
 
Join Date: Sep 2006
Quote:
Originally Posted by benpatient View Post
So why are threads about running OS X on a PC closed down on this forum when open discussion of hacking is encouraged on the front page of mr.c on a regular basis? "but it's OK, cause it's the iphone and exempt from the rulz!"

Don't get me wrong, I think it is fine to discuss things like this. I just think it stinks that the moderators crack down on "inappropriate" content when someone is talking about violating a software license or getting around copy protection, etc, and then encouraging the exact same things with the iphone. This is MAC rumors, not iPHONE rumors. Maybe start a new site and put a big link at the top of mr.c pointing people towards iphonerumors.com if that's what they want, then relegate iphone conversations to a forum area inside the "Apple hardware" section of the forums list instead of on top of that section in its own section.

The iphone is cool. But I use OS X every day and I want to know about that, not about stupid pointless hacking of safari TIFF files on the iphone. It isn't like this hack will last.

/rant
I think the big difference is that Apple has locked people out of 3rd party development, creating a LOT of pressure to hack. In most cases hacking is only of interest to such a small group, but with the iphone it is becoming a mainstream concern.

Apple failed to lock the original phone very well, and so people got a taste of what the iPhone was really capable of. Now we're just all hoping to have the best of both worlds, Apple's updates, and the software from 3rd parties.

If you ask me, the big concern here is unlockers. While I sympathize, I kind of worry that they increase Apple's incentive to jail the iphone to keep their contract with AT&T.