
imola.zhp

macrumors 65816
Jun 1, 2010
1,307
980
Mud Island (Memphis), TN
I downloaded that program the other day, I couldn't figure out how to use it and then my phone started freezing up a lot...

Did a restore yesterday morning, everything is back to normal.

It's just a phone, I don't need to have control over everything on it...
 

cozmot

Guest
Mar 16, 2008
235
0
Washington, DC
Apple should just pay jailbreakme.com for the patch and be done with it. As much as I love Apple, they're always slow on patching security flaws.
 

bsolar

macrumors 68000
Jun 20, 2011
1,534
1,735
Exposing the exploit out into the wild, telling every blackhat in the world, leaving millions vulnerable.

But of course, having the exploit known to themselves for months, they have a patch ready from the get go when they announced their jailbreak.

I agree that responsible disclosure would have been better, but the end result will be these bugs getting fixed. In the end they will actually end up contributing to making iOS safer.

It's true that now that the bug is public knowledge Apple has to rush in fixing it, since less capable hackers can try to copy their exploit. But with security you are better off planning for the worst scenario. If they were able to successfully exploit this bug you are better off assuming other more malicious hackers were able to do the same even without their information.
 

Bernard SG

macrumors 65816
Jul 3, 2010
1,354
7
Exposing the exploit out into the wild, telling every blackhat in the world, leaving millions vulnerable.

But of course, having the exploit known to themselves for months, they have a patch ready from the get go when they announced their jailbreak.

Too bad for the millions of people who don't want to go through the trouble of jail-breaking and all the hassles/potential problems that come with it.


Logic clearly dictates that the needs of the few outweigh the needs of the many.

Especially when the "needs" of the few are purely just for their amusement and the needs of the many involve not getting their phones hacked and personal data stolen.

/s

I wholeheartedly agree. Plus there is something that Comex & Co. don't realize or don't give a fig about: there are millions of non technology-savvy users out there who unfortunately don't update their devices' OS, so even if Apple patches, there will be a considerable subset of users left vulnerable in case of criminal utilization of the security hole.
That peculiar way of jail breaking is particularly irresponsible, borderline unethical.
 

bsolar

macrumors 68000
Jun 20, 2011
1,534
1,735
I wholeheartedly agree. Plus there is something that Comex & Co. don't realize or don't give a fig about: there are millions of non technology-savvy users out there who unfortunately don't update their devices' OS, so even if Apple patches, there will be a considerable subset of users left vulnerable in case of criminal utilization of the security hole.
That peculiar way of jail breaking is particularly irresponsible, borderline unethical.

This was true in the past for other OSes like Windows, but thanks to pretty broad informative campaigns (and lots of trouble) nowadays everyone knows a computer operating system has to be patched regularly for security. The same has to happen for smartphones. There is no excuse for not applying security patches.

Public disclosure of an exploit is a grey area. My opinion is that it is better to give notice to the company which maintains the software before the disclosure, but sometimes software companies are not interested in fixing the software with the due urgency and actually push for keeping the matter secret. In this case whoever found the exploit was interested in using the exploit themselves so it's obvious they didn't inform Apple, but Apple should know pretty well by now that PDF is a security risk.

In any case if your walled garden has a breached wall you should complain to whoever maintains the wall more than to whoever pointed out a breach exists. Now the exploit is public knowledge for a few days and I am still waiting for Apple's patch.
 

cozmot

Guest
Mar 16, 2008
235
0
Washington, DC
Apple does pretty good dealing with public zero days.

http://www.vupen.com/english/zerodays/

I doubt this vulnerability will take as long to patch as some of the other items on that list.

I looked at that list, and holy cow!, some serious vulnerabilities have gone unpatched for years! Microsoft, of course, is among them, with 1427 days passing (that's 3.9 years) with a vulnerability in the DirectX Media SDK. Blackberry, on the other hand, has a mere 116 days passing with a critical vulnerability in its phone. That must comfort their business customers.
 