1.1.1 Jailbreak Complete, Security Ramifications

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 10, 2007.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1

    Engadget's Ryan Block has confirmed that a beta test of the latest jailbreak method for the 1.1.1 firmware of the iPhone and iPod touch works.

    The current method uses a vulnerability in 1.1.1's mobile Safari to gain root access to the device. Currently, this is the only method available to jailbreak an already upgraded iPhone or iPod Touch, as previous methods relied on firmware 1.0.2 still being available.

    While the developers are using the Safari vulnerability for somewhat benevolent purposes, it does raise a potential security issue for users. The vulnerability lies in mobile Safari's handling of TIFF images, where viewing a malformed TIFF image allows root access to the device.

    While the jailbreak is now complete from all angles, it still does not mean that the methods are ready for adoption by general users. We will consider it ready when Installer.app (or equivalent) is updated for the latest firmware.


    Ongoing iPhone coverage at macrumors.com/iPhone

     
  2. macrumors 6502

    Joined:
    Jul 17, 2007
    #2
    Woot! Sort of. Well, I def. consider this good news :)


    edit: does anybody know what this means for AT&T-less iPhone activation? I've been waiting to buy an iPhone until the thing can be activated without AT&T service....
     
  3. macrumors 6502a

    lozanoj83

    Joined:
    Mar 5, 2006
    Location:
    Southern California
    #3
    Applications here we come! :)
     
  4. macrumors 68000

    JonHimself

    Joined:
    Nov 3, 2004
    Location:
    Toronto, Ontario
    #4
    The problem is that this is easily "fixable" by Apple AND they can legitimately say it's for security purposes.
     
  5. macrumors 6502

    fanbrain

    Joined:
    Jan 31, 2005
    Location:
    So. UT
    #5
    I haven't installed jailbreak before, but I'm planning to once Installer.app is available. I can't wait.
     
  6. macrumors 6502

    Joined:
    Nov 29, 2005
    #6
    so much for OS X security.... :rolleyes:

    I'd rather have a secure web browser and some decent Apple-approved applications than install this.
     
  7. macrumors member

    Joined:
    Mar 13, 2002
    #7
    Not really good news

    This will certainly be fixed in 1.1.2, and not to frustrate the iPhone Dev Team but because it's an actual security issue. Then what? Without the key to decrypt the frameworks, 1.1.2 will break all of the apps developed here, again not because Apple wants to frustrate hackers but because they are continuing to change/develop the API.
     
  8. Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #8
    As much as some people don't like the iPhone Dev team and don't want to actually install the 3rd party apps they develop, you have to say this about them... they find Apple's bugs :)
     
  9. macrumors 68020

    mainstreetmark

    Joined:
    May 7, 2003
    Location:
    Saint Augustine, FL
    #9
    Yep, this is certainly a very temporary situation. It would be impossible to imagine Apple won't close this hole, since it is a security issue.

    If I had time, I'd explore how a malformed TIFF could gain you root access. Anybody have a 3 sentence summary?

    Edit: Someone said "Apple Approved" applications. Why does Apple have to approve them? They don't for regular Mac applications, thank god. If all apps have to go through some certification scheme, we'll be limited to what we get. In the end, don't install shady apps from shady people (like always) and you'll be fine!
     
  10. macrumors regular

    Joined:
    Feb 18, 2006
    #10
    This is all good and well, but now we KNOW Apple will fix this in their next update as it is a security vulnerability. In fact, now that it has been brought to light I wouldn't be surprised to see a security update in the next couple of days. Sure, you don't have to install it, but all new iPhones and Touches will already not be able to use this method.

    Just seems to be like a whole lot of effort and time going into something that is becoming progressively easier to brick wall.
     
  11. macrumors regular

    Yateball

    Joined:
    Jul 25, 2007
    #11
    I don't understand how people could install this, knowing full well that the next firmware update will make their device unusable.

    Correct me if I'm wrong, but won't your iPhones all "brick" once Apple fixes this problem and releases the next firmware?
     
  12. macrumors newbie

    Joined:
    Jun 30, 2007
    #12
    What about unlocked 1.0.2 iPhones?

    I unlocked mine, and it is still 1.0.2 (as I fear that upgrading to 1.1.1 will brick it!) --

    Is anyone else in this situation? I mean I love having it unlocked and with all the apps, but sure I'd like to have my cake and eat it too (unlocked/apps, AND 1.1.1)...

    Thanks!
     
  13. macrumors member

    Joined:
    Mar 4, 2004
    #13
    Because one would imagine that once you jailbreak it, you wouldn't be foolhardy enough to upgrade the firmware to 1.1.2 and re-lock it again.
     
  14. Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #14
    not necessarily... I had 3rd party applications installed on my iPhone before 1.1.1. I updated, and all that happened was Apple removed the applications.

    The people who got "bricked" were people who used the 3rd party unlocks. unlocking is a subset of a jailbreak, if you will. Jailbreaking comes first... it allows developers of all sorts to write applications. Then, unlockers (those who want to unlock the phone to run on any network) write specific applications that will unlock the phone.

    Some of those unlocking applications ended up bricking the iPhone when 1.1.1 was applied.
     
  15. macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #15
    From what NerveGas is saying on the dev channel, Niacin is not part of the dev team, and the dev team has their own jailbreak that does NOT rely on the TIFF exploit. I'm planning on waiting for the dev team to come out with their solution, even though they aren't doing as well at getting the word out.
     
  16. macrumors 6502a

    sblasl

    Joined:
    Apr 25, 2004
    Location:
    Heber Springs, AR
    #16
    You have obviously made a decision to remain in the past. This appears to be the only way to move forward, and it is basically on a course of disaster if you so choose to embark on it. I certainly would not.

     
  17. macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #17
    So just to be clear, Niacin is not on the dev team, and the dev team does reportedly have their own jailbreak, not relying on the tiff exploit.

    I hope that the News mods will research this and post an update to this article so we can all avoid confusion.
     
  18. macrumors 6502a

    sblasl

    Joined:
    Apr 25, 2004
    Location:
    Heber Springs, AR
    #18
    Looks Like There Is Trouble in Paradise

    Looks like there is trouble in paradise, First signs of a schism in the iPhone dev community:

    http://www.tuaw.com/2007/10/10/first-signs-of-a-schism-in-the-iphone-dev-community/
     
  19. macrumors newbie

    Joined:
    Oct 6, 2007
    #19
    I'm not 100% on this, but basically, when Safari loads the TIFF it places it in the memory heap. Executable instructions are actually allowed to be run from the heap. This means that if the TIFF contains "malicious" code, and the hacker is able to direct the program execution to an address in the heap, the malicious code will be executed. So basically the problem for the hackers has been to redirect the program counter to an address in the heap, which was a bit tricky due to the return address being stored in a dedicated register.

    Someone please correct me if I'm wrong.
     
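    As an added illustration of the bug class the news post and the previous reply describe (this is example code written for this thread, not code from the page, from the iPhone Dev Team, or from Apple, and not the actual Safari 1.1.1 defect, whose details are not given here): a TIFF header and IFD reader in C that refuses the file-supplied offsets and counts a length-trusting parser would use to write past a fixed heap block. The TIFF layout used (the "II"/"MM" byte-order mark, magic 42, IFD offset, 12-byte entries) is the real format; the sample files, the `MAX_ENTRIES` capacity and the function names are constructed for the example. Whether such an overflow then leads to code execution also depends on the heap being executable, as the reply above notes; this example only closes the parsing side.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Example code for this thread, not the Safari parser. The TIFF field layout
 * is real; MAX_ENTRIES, the sample files and the function names are assumptions. */

#define MAX_ENTRIES 64           /* fixed capacity of the entry table */

enum tiff_status {
    TIFF_OK = 0,
    TIFF_ERR_SHORT_HEADER,
    TIFF_ERR_BAD_MAGIC,
    TIFF_ERR_IFD_OUT_OF_RANGE,
    TIFF_ERR_TOO_MANY_ENTRIES,
    TIFF_ERR_VALUE_OUT_OF_RANGE
};

struct tiff_entry { uint16_t tag, type; uint32_t count, value_or_offset; };
struct tiff_ifd   { size_t n_entries; struct tiff_entry entries[MAX_ENTRIES]; };

static uint16_t rd16(const uint8_t *p, int le) {
    return (uint16_t)(le ? p[0] | p[1] << 8 : p[0] << 8 | p[1]);
}
static uint32_t rd32(const uint8_t *p, int le) {
    return le ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
              : (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* Byte width of TIFF field types 1..12 (BYTE, ASCII, SHORT, LONG, RATIONAL, ...); 0 = unknown. */
static uint32_t type_size(uint16_t t) {
    static const uint8_t sz[] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
    return t < sizeof sz ? sz[t] : 0;
}

/* The vulnerable shape, shown for contrast and never called here: two bytes of
 * the image decide how many 12-byte entries are copied into a fixed-size block. */
void ifd_copy_unchecked(const uint8_t *buf, uint32_t ifd, int le, struct tiff_ifd *out) {
    uint16_t n = rd16(buf + ifd, le);
    memcpy(out->entries, buf + ifd + 2, (size_t)n * 12);   /* overflows when n > MAX_ENTRIES */
    out->n_entries = n;
}

/* Bounds-checked reader for the header and the first IFD. */
enum tiff_status tiff_parse_first_ifd(const uint8_t *buf, size_t len, struct tiff_ifd *out) {
    int le;
    if (len < 8) return TIFF_ERR_SHORT_HEADER;
    if (buf[0] == 'I' && buf[1] == 'I') le = 1;
    else if (buf[0] == 'M' && buf[1] == 'M') le = 0;
    else return TIFF_ERR_BAD_MAGIC;
    if (rd16(buf + 2, le) != 42) return TIFF_ERR_BAD_MAGIC;

    uint32_t ifd = rd32(buf + 4, le);
    /* Check 1: the IFD offset comes from the file; it must leave room for the 2-byte count. */
    if (ifd > len || len - ifd < 2) return TIFF_ERR_IFD_OUT_OF_RANGE;

    uint16_t n = rd16(buf + ifd, le);
    /* Check 2: the count must fit both the fixed table and the bytes actually present. */
    if (n > MAX_ENTRIES) return TIFF_ERR_TOO_MANY_ENTRIES;
    if ((len - ifd - 2) / 12 < n) return TIFF_ERR_IFD_OUT_OF_RANGE;

    const uint8_t *e = buf + ifd + 2;
    for (uint16_t i = 0; i < n; i++, e += 12) {
        struct tiff_entry *t = &out->entries[i];
        t->tag = rd16(e, le);          t->type = rd16(e + 2, le);
        t->count = rd32(e + 4, le);    t->value_or_offset = rd32(e + 8, le);
        uint32_t sz = type_size(t->type);
        if (sz == 0) return TIFF_ERR_VALUE_OUT_OF_RANGE;
        /* Check 3: count*size must not wrap, and out-of-line values must lie inside the file. */
        uint64_t nbytes = (uint64_t)t->count * sz;
        if (nbytes > 4 && (nbytes > UINT32_MAX || t->value_or_offset > len ||
                           len - t->value_or_offset < nbytes))
            return TIFF_ERR_VALUE_OUT_OF_RANGE;
    }
    out->n_entries = n;
    return TIFF_OK;
}

/* Constructed little-endian sample file (dst must hold 256 bytes): header, IFD at
 * offset 8 whose count field says `declared` but which holds `present` LONG entries
 * of `count` elements claimed to sit at `data_off`, then 16 bytes of payload. */
size_t build_tiff(uint8_t *dst, uint32_t ifd_off, uint16_t declared,
                  uint16_t present, uint32_t count, uint32_t data_off) {
    uint8_t *p = dst;
    memset(dst, 0, 256);
    *p++ = 'I'; *p++ = 'I'; *p++ = 42; *p++ = 0;
    for (int i = 0; i < 4; i++) *p++ = (uint8_t)(ifd_off >> (8 * i));
    *p++ = (uint8_t)declared; *p++ = (uint8_t)(declared >> 8);
    for (uint16_t k = 0; k < present; k++) {
        *p++ = 0x11; *p++ = 0x01;                      /* tag 0x0111 (StripOffsets) */
        *p++ = 4;    *p++ = 0;                         /* type 4 = LONG */
        for (int i = 0; i < 4; i++) *p++ = (uint8_t)(count >> (8 * i));
        for (int i = 0; i < 4; i++) *p++ = (uint8_t)(data_off >> (8 * i));
    }
    return (size_t)(p - dst) + 16;
}

/* One well-formed file and four malformed shapes that checks 1-3 reject. */
enum tiff_status check_case(int which) {
    uint8_t f[256];
    struct tiff_ifd ifd;
    size_t len;
    switch (which) {
    case 0:  len = build_tiff(f, 8, 2, 2, 4, 34); break;        /* valid: 2 entries, 16 bytes at 34 */
    case 1:  len = build_tiff(f, 0x1000, 2, 2, 4, 34); break;   /* IFD offset past end of file */
    case 2:  len = build_tiff(f, 8, 0xFFFF, 2, 4, 34); break;   /* count would overflow the table */
    case 3:  len = build_tiff(f, 8, 5, 2, 4, 34); break;        /* count exceeds entries present */
    default: len = build_tiff(f, 8, 2, 2, 100, 34); break;      /* value range runs past EOF */
    }
    return tiff_parse_first_ifd(f, len, &ifd);
}

int main(void) {
    for (int i = 0; i < 5; i++) printf("case %d -> status %d\n", i, check_case(i));
    return 0;
}
```

The three checks are the ones a parser that copies `count * 12` bytes on the image's say-so skips: every offset and count in the file is attacker data, and each one is compared against the buffer the parser actually holds before it is used.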
  20. macrumors newbie

    Joined:
    Oct 10, 2007
    Location:
    Toronto
    #20
    iPhone Sadness

    Is it just me, or is the whole point of an iPhone/Apple product supposed to be simplicity? I am in Canada, the land of gay marriage and weed. It is also the land of Rogers and therefore years behind the USA. I expect I will never live to see the day I can get an iPhone here with a fair monthly rate, and at a fair price. The dollar is at par and I want to get one in the USA and bring it up here, but I feel at the end of the day having an iPhone in Canada is more trouble than it is worth. Having an iPhone unlocked seems to be more of a headache than it is worth. I am ready to just give up on the iPhone in Canada, and smoke my pain away. :-(
     
  21. macrumors 68000

    Joined:
    Jun 20, 2007
    #21
    Let's all get the facts straight.

    When 1.1.2 comes out and fixes this SECURITY HOLE.... apple is NOT being greedy or evil towards 3rd party apps.

    Of course I expect few to remember this and complain, but we now see, as I and others have said, Apple fixes security holes to make the iPhone safer.

    And as a result, many or most 3rd party hacks based on this security hole will fail.

    Don't like this?

    Don't hack your phone. Because this is going to be an endless cycle for the time being.
     
  22. macrumors regular

    Yateball

    Joined:
    Jul 25, 2007
    #22
    Very informative, I thought apple was "bricking" anyone with 3rd party.... anything.... on their iphone.

    Thanks for the info
     
  23. macrumors 68000

    Joined:
    Nov 4, 2003
    #23
    So why are threads about running OS X on a PC closed down on this forum when open discussion of hacking is encouraged on the front page of mr.c on a regular basis? "but it's OK, cause it's the iphone and exempt from the rulz!"

    Don't get me wrong, I think it is fine to discuss things like this. I just think it stinks that the moderators crack down on "inappropriate" content when someone is talking about violating a software license or getting around copy protection, etc, and then encouraging the exact same things with the iphone. This is MAC rumors, not iPHONE rumors. Maybe start a new site and put a big link at the top of mr.c pointing people towards iphonerumors.com if that's what they want, then relegate iphone conversations to a forum area inside the "Apple hardware" section of the forums list instead of on top of that section in its own section.

    The iphone is cool. But I use OS X every day and I want to know about that, not about stupid pointless hacking of safari TIFF files on the iphone. It isn't like this hack will last.

    /rant
     
  24. macrumors 65816

    DaBrain

    Joined:
    Feb 28, 2007
    Location:
    ERIE, PA
    #24
    Yeah I agree! I don't get all the hype on this! I can see it now. People install a bunch of apps on their iPhone and iPod touch and several weeks later Apple puts out an irresistible update and wham, all the crying begins again! It's like people are gluttons for self-punishment! A never ending cycle!

    Until Apple puts out an SDK I for one would not want to play this game! Good Luck All! :rolleyes:
     
  25. macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #25
    I think the big difference is that Apple has locked people out of 3rd party development, creating a LOT of pressure to hack. In most cases hacking is only of interest to such a small group, but with the iphone it is becoming a mainstream concern.

    Apple failed to lock the original phone very well, and so people got a taste of what the iPhone was really capable of. Now we're just all hoping to have the best of both worlds, Apple's updates, and the software from 3rd parties.

    If you ask me, the big concern here is unlockers. While I sympathize, I kind of worry that they increase Apple's incentive to jail the iphone to keep their contract with AT&T.
     
