Apple to Patch Latest Jailbreak Hole in Upcoming Software Update

[Ksizzle9]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_8 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8E401 Safari/6533.18.5)

Personally I think that mobile notifier is about the best reason possible to JB. I know it's coming in iOS 5 but the beta is still buggy and 4.x I running fantastic on my iPhone. I ha let my younger cousins use my phone for several days and realized he had put over 200 apps on there, cleared it off to my normal 25 or so, tomtom, infinity blade, let's golf, a few others. The last beta of mobile notifier is gold.

 

[Moyank24]

Jailbroke my iPad 2 today, worked too damn well... then I looked around in Cydia and couldn't find anything I wanted that wasn't already coming for free in iOS 5... Guess I'll wait for 4.3.4 to get rid of the jailbreak and Cydia...

If you're a texter the quick reply feature in BiteSMS is a must have. If they added that to iOS 5, I would almost consider not no jailbreaking. But once you use it, it's really hard to go back to the stock app.

 

[Rodimus Prime]

This is kind of like a WELL DUH thing for Apple because how Jailbreakme.com is doing it is a huge security hole in the iOS. A security hole that a lot of damage could be done if the wrong people decided to use it.

Jailbreaking should require you connecting your device to a computer or installing and running an App (example Gingerbreak.apk for android) while those are things are still using security holes they are much much harder to exploit by someone who wants to more malicious things.

I would say if Apple was not fixing this hole it would be a big deal but rushing to fix it is a good thing.

 

[andrewsd]

Get ready for the endless "Oops I updated to 4.3.4" threads.

Funny but I am an "Ooops I upgraded to 4.3.3" user because this jailbreak didn't work for me. I would have stayed on my 4.1 J/B but it said it works with 4.3.3 and it just won't work for me.

 

[Snide]

MyWi.

TetherMe.

 

[Elijahg]

Sorry, but i respectfully disagree. I have jailbroken iphone, and have everything off...WiFi, 3G, data, location, push. As such 2 day off a full charge, i am still in the 90 percentile.....Jailbroken or not, you just have to be smart about whats on and whats off. Also, use SBSettings and Remove Background Toggle, to always have a wiped-clean multi-tasking pane...nothing should be running when not in use.

My iPhone 4 easily lasts several days with light usage. That's with all those things you had listed turned on. What's the point in having a device with such features if you've got them off all the time?

 

[macsrcool1234]

ironic to the anti jailbreaking crowd....jailbreaking will actually make you MORE secure since you can patch the hole NOW.

 

[spazzcat]

Apple can work fast when patching stupid JB holes, but we're still stuck with buggy-as-hell beta 2 for iOS 5 after a month.

Where the hell is beta 3, Apple?????

You sound like you shouldn't be using betas, also Apple releases new betas about every 2 - 3 weeks....

 

[diamond.g]

TetherMe.

Does that app use the same APN that the iPhone uses? That is how the carriers are able to tell if we are tethering or not.

 

[RalfTheDog]

I thought the PDF exploit was patched long ago. I wonder how it got in there again.

PDF is an inherently scary format. There are lots of PDF exploits to be found.

Wasn't it German researchers that found a huge security hole in Android back in March too?

Regardless, I really don't have have much to say about iOS security besides the fact of there being no such thing as a completely secure Smart phone platform. Android, iOS, Web OS, and the likes can all be compromised, period.

The only secure cell phone is one that never connects to the outside world.

 

[Speedy2]

So, no, iOS is by NO MEANS safer just because Apple cripples your experience. The mere fact that you can jailbreak iOS by simply visiting a website already negates that argument.

It negates that argument since this week and until 4.3.4 is released.
Outside that timeframe, the argument holds.

And talking about security of the platform.
Which company was it again that needed to use the kill switch and regularly has to block malicious apps by the hundreds? Hmmm... I really can't remember their name. I think it rhymes with Froogle.

 

[bpaluzzi]

... its exploiting Apples own flaw that they have known about for a couple of years, but failed to fix.

False.

 

[cmaier]

JailbreakMe exploits a BUG in iOS. We all know that Its not hacking into the OS, its exploiting Apples own flaw that they have known about for a couple of years, but failed to fix.

First, they didn't know about it "for a couple of years."

Second, yes, it's a flaw - a flaw that can be used to introduced malware. Now that they know about it they are "fixing" it. Hence it makes sense that they characterize it as a "fix."

 

[munkery]

Is this hole present in the OSX version of Safari?

Jailbreakme requires two exploits. Often, the remote exploit is shared with OS X but the local exploit, which is the more meaningful of the two because it provides system level access, is not found in OS X. Several elements of these OSs are quite different.

Also, previous posts suggest the remote exploit does not affect Safari on OS X. Often, the remote exploits are also found in Safari in OS X but they are not completely analogous for the exact exploit to be functional in OS X.

Developing exploits that link multiple exploits together takes a lot of time. I doubt these holes will be used in malware in the wild for iOS prior to being patched by Apple. Comex, the developer of Jailbreakme, does not release the source code for his exploits until it is patched. Reversing the exploit then developing malware from that is unlikely to occur prior to being patched.

In terms of iOS vs Android security, here is an interesting research article:

http://www.symantec.com/content/en/...e_linkedin_2011Jun_worldwide_mobilesecuritywp

 

[MacAddict1978]

i'm going to go the apple store and JB every ipad and iphone i see

i thought it was funny... The staff would want to shoot you, but it's funny.

 

[bsolar]

It negates that argument since this week and until 4.3.4 is released.
Outside that timeframe, the argument holds.

Not having known bugs doesn't mean you are safe. Obviously if you want to publish a jailbreak you need to let the world know about the bug you are using, but more malicious hackers don't have this need.

 

[munkery]

Not having known bugs doesn't mean you are safe.

This applies to every piece of software in existence. Obviously, having known bugs does make you less safe. iOS has relatively few known bugs compared to other OSs.

Obviously if you want to publish a jailbreak you need to let the world know about the bug you are using, but more malicious hackers don't have this need.

If a hacker uses an exploit in the wild then it is also exposed to discovery. Any exploit can be reverse engineered to discover the vulnerability it uses. Comex doesn't release specific details about the exploits he uses until it is patched, so reversing is still required to create a patch or convert to malware.

 

[Menneisyys2]

Apple can work fast when patching stupid JB holes, but we're still stuck with buggy-as-hell beta 2 for iOS 5 after a month.

Where the hell is beta 3, Apple?????

Actually, it was released 24/06 and, in general, Apple releases new betas every 2 weeks. That is, the next one will come soon.

(BTW, I too find beta2 pretty useless and - apart from the lack of case-related "dead device" problems - much more buggy than beta1.)

 

[Menneisyys2]

TetherMe.

RetinaPad. Display Recorder. 3G Unrestrictor, particularly for FaceTime users. Blueooth stacks (BTStack Keyboard to connect to e.g. first-generation Apple keyboards; BTStack GPS to connect to external GPS units.). iDOS. Or, for that matter, my iPhone 3GS / 4 video camera enhancer tools (see the local threads https://forums.macrumors.com/threads/1178730/ and https://forums.macrumors.com/threads/1178171/ for iPhone 3GS and 4, respectively)

 

[iPhysicist]

Another confirmation why it was a good thing for me to switch to Android. I have apps on my Galaxy S2 that I even use for work that Apple had banned from their App Store (e.g. WiFi Analyzer). It's ridiculous that you have to jailbreak a phone to get useful software on it. It's a non-issue in Android land.

And please don't come with some safety nonsense arguments. For those of you who can read German, here is what the German BSI has to say about the security of iOS:

https://www.bsi.bund.de/ContentBSI/...lle-im-Apple-Betriebssystem-iOS-06072011.html

So, no, iOS is by NO MEANS safer just because Apple cripples your experience. The mere fact that you can jailbreak iOS by simply visiting a website already negates that argument.

Sorry for the following lines in german language...

Du bist ja sowieso ein Schwarzseher vorm Herrn... wie viel Alufolie verbrauchst du eigentlich so in der Woche?
Ich lade grundsätzlich nicht IRGENDWO PDF herunter noch wird das ein anderer hier tun. Ich besuche grundsätzlich auch nur sichere Webseiten.
Ich kann dein Androide Telefon sicher nicht für die Arbeit nutzen... und Schwachstellen hat das ebenso wie RIM oder Symbian, also geh mir nicht auf den Sack mit deinem anti iOS Genörgel. LAber nicht rum sondern schaffe etwas besseres. Dein Geschmack muß nicht der von anderen sein. Man man man...

 

[cerote]

Actually, it was released 24/06 and, in general, Apple releases new betas every 2 weeks. That is, the next one will come soon.

(BTW, I too find beta2 pretty useless and - apart from the lack of case-related "dead device" problems - much more buggy than beta1.)

Beta 2 actually decreased the lag in several areas. It also added some features not in the first beta; wifi sync and OTA updates. WiFi sync does have it's issues but for the most part works.

The decrease in lag in safari was big.

Beta 1 for me caused many issues. Beta 2 so far has handled pretty well.

 

[Menneisyys2]

Beta 2 actually decreased the lag in several areas. It also added some features not in the first beta; wifi sync and OTA updates. WiFi sync does have it's issues but for the most part works.

The decrease in lag in safari was big.

Beta 1 for me caused many issues. Beta 2 so far has handled pretty well.

Yeah, Wi-Fi sync is cool - too bad it messed up things with my iPad2 so bad that I simply wasn't able to sync even through USB (finally, had to transfer the notes I've written on my iPad via e-mail, one-by-one). The lack of paste in UIWebView (incl. Safari and autofill) was another major problem. (I use autofill a lot as our network requires frequent logins. Without autofill, you need to type a lot.) This is why I, finally, returned to 4.3.3.

 

[dr Dunkel]

Always nice to see a third party saving Apple JB is good and this is utter proof.

 

[bsolar]

This applies to every piece of software in existence. Obviously, having known bugs does make you less safe. iOS has relatively few known bugs compared to other OSs.

I never argued with that, and having less acknowledged bugs doesn't automatically mean the system is safer. A bug can exist without being acknowledged and many software companies in the past actually did try to push researchers for delaying the disclosure even with evidence in hand that the bug was exploited in the wild.

If a hacker uses an exploit in the wild then it is also exposed to discovery. Any exploit can be reverse engineered to discover the vulnerability it uses. Comex doesn't release specific details about the exploits he uses until it is patched, so reversing is still required to create a patch or convert to malware.

Being exposed to discovery doesn't mean you'll get discovered. My point was that with a published jailbreak or hack, you can simply go to the jailbreaker's website or download the jailbreaking software and figure out exactly what the bug is and how it's getting exploited. With an hacker using the bug secretly you first have to figure out the hacking is happening in the first place and then try to figure out how it happens. Having the actual software performing the hack in hand is a huge help.

 

[Prallethrin]

Exposing the exploit out into the wild, telling every blackhat in the world, leaving millions vulnerable.

But of course, having the exploit known to themselves for months, they have a patch ready from the get go when they announced their jailbreak.

Too bad for the millions of people who don't want to go through the trouble of jail-breaking and all the hassles/potential problems that come with it.


Logic clearly dictates that the needs of the few outweigh the needs of the many.

Especially when the "needs" of the few are purely just for their amusement and the needs of the many involve not getting their phones hacked and personal data stolen.

/s