1.1.1 Jailbreak Complete, Security Ramifications

MacRumors

macrumors bot
Original poster
Apr 12, 2001

Engadget's Ryan Block has confirmed that a beta test of the latest jailbreak method for the 1.1.1 firmware of the iPhone and iPod touch works.

The current method uses a vulnerability in 1.1.1's mobile Safari to gain root access to the device. Currently, this is the only method available to jailbreak an already upgraded iPhone or iPod Touch, as previous methods relied on firmware 1.0.2 still being available.

While the developers are using the Safari vulnerability for somewhat benevolent purposes, it does raise a potential security issue for users. The vulnerability lies in mobile Safari's handling of TIFF images, where viewing a malformed TIFF image allows root access to the device.

While the jailbreak is now complete from all angles, it still does not mean that the methods are ready for adoption by general users. We will consider it ready when Installer.app (or equivalent) is updated for the latest firmware.


Ongoing iPhone coverage at macrumors.com/iPhone

 

shoelessone

macrumors 6502
Jul 17, 2007
Woot! Sort of. Well, I def. consider this good news :)


edit: does anybody know what this means for iPhone AT&Tless activation? I've been waiting to buy an iPhone until the thing can be activated without AT&T service....
 

fanbrain

macrumors 6502
Jan 31, 2005
So. UT
I haven't installed jailbreak before, but I'm planning to once Installer.app is available. I can't wait.
 

matthewHUB

macrumors 6502
Nov 29, 2005
so much for OS X security.... :rolleyes:

I'd rather have a secure web browser and some decent Apple-approved applications, then install this.
 

dscottbuch

macrumors member
Mar 13, 2002
Not really good news

This will certainly be fixed in 1.1.2, and not to frustrate the iPhoneDevTeam but because it's an actual security issue. Then what? Without the key to decrypt the frameworks, 1.1.2 will break all of the apps developed here, again not because Apple wants to frustrate hackers but because they are continuing to change/develop the API.
 

longofest

Editor emeritus
Jul 10, 2003
Falls Church, VA
so much for OS X security.... :rolleyes:

I'd rather have a secure web browser and some decent Apple-approved applications, then install this.
As much as some people don't like the iPhone Dev team and don't want to actually install the 3rd party apps they develop, you have to say this about them... they find Apple's bugs :)
 

mainstreetmark

macrumors 68020
May 7, 2003
Saint Augustine, FL
Yep, this is certainly a very temporary situation. It would be impossible to imagine Apple won't close this hole, since it is a security issue.

If I had time, I'd explore how a malformed TIFF could gain you root access. Anybody have a 3 sentence summary?

Edit: Someone said "Apple Approved" applications. Why does Apple have to approve them? They don't for regular Mac applications, thank god. If all apps have to go through some certification scheme, we'll be limited to what we get. In the end, don't install shady apps from shady people (like always) and you'll be fine!
 

dvkid

macrumors regular
Feb 18, 2006
This is all good and well, but now we KNOW Apple will fix this in their next update as it is a security vulnerability. In fact, now that it has been brought to light I wouldn't be surprised to see a security update in the next couple of days. Sure, you don't have to install it, but all new iPhones and Touches will already not be able to use this method.

Just seems to be like a whole lot of effort and time going into something that is becoming progressively easier to brick wall.
 

Yateball

macrumors regular
Jul 25, 2007
I don't understand how people could install this, knowing full well that the next firmware update will make their device unusable.

Correct me if I'm wrong but wont your iphones all "brick" once apple fixes this problem and releases the next firmware?
 

xelphy

macrumors newbie
Jun 30, 2007
What about unlocked 1.0.2 iPhones?

I unlocked mine, and it is still 1.0.2 (as I fear that upgrading to 1.1.1 will brick it!) --

Is anyone else in this situation? I mean I love having it unlocked and with all the apps, but sure I'd like to have my cake and eat it too (unlocked/apps, AND 1.1.1)...

Thanks!
 

Greydog

macrumors member
Mar 4, 2004
I don't understand how people could install this, knowing full well that the next firmware update will make their device un-useable.

Correct me if I'm wrong but wont your iphones all "brick" once apple fixes this problem and releases the next firmware?
Because one would imagine that once you jailbreak it, you wouldn't be foolhardy enough to upgrade the firmware to 1.1.2 and re-lock it again.
 

longofest

Editor emeritus
Jul 10, 2003
Falls Church, VA
I don't understand how people could install this, knowing full well that the next firmware update will make their device un-useable.

Correct me if I'm wrong but wont your iphones all "brick" once apple fixes this problem and releases the next firmware?
not necessarily... I had 3rd party applications installed on my iPhone before 1.1.1. I updated, and all that happened was Apple removed the applications.

The people who got "bricked" were people who used the 3rd party unlocks. unlocking is a subset of a jailbreak, if you will. Jailbreaking comes first... it allows developers of all sorts to write applications. Then, unlockers (those who want to unlock the phone to run on any network) write specific applications that will unlock the phone.

Some of those unlocking applications ended up bricking the iPhone when 1.1.1 was applied.
 

bdj21ya

macrumors 6502a
Sep 13, 2006
From what NerveGas is saying on the dev channel, Niacin is not part of the dev team, and the dev team has their own jailbreak that does NOT rely on the tiff exploit. I'm planning on waiting for the dev team to come out with their solution, even though they aren't doing as good at getting the word out.
 

sblasl

macrumors 6502a
Apr 25, 2004
Heber Springs, AR
You have obviously made a decision to remain in the past. This appears to be the only way to move forward, and it is basically on a course of disaster if you so choose to embark on it. I certainly would not.

I unlocked mine, and it is still 1.0.2 (as I fear that upgrading to 1.1.1 will brick it!) --

Is anyone else in this situation? I mean I love having it unlocked and with all the apps, but sure I'd like to have my cake and eat it too (unlocked/apps, AND 1.1.1)...

Thanks!
 

bdj21ya

macrumors 6502a
Sep 13, 2006
This will certainly be fixed in 1.1.2 and not to frustrate the iPhoneDevTeam but because its an actual security issues. Then what? Without the key to decrypt the frameworks then 1.1.2 will break all of the apps developed here, again, not because Apple wants to frustrate hacker but because they are continuing to change/develop the API.
So just to be clear, Niacin is not on the dev team, and the dev team does reportedly have their own jailbreak, not relying on the tiff exploit.

I hope that the News mods will research this and post an update to this article so we can all avoid confusion.
 

sblasl

macrumors 6502a
Apr 25, 2004
Heber Springs, AR
Looks Like There Is Trouble in Paradise

Looks like there is trouble in paradise, First signs of a schism in the iPhone dev community:

http://www.tuaw.com/2007/10/10/first-signs-of-a-schism-in-the-iphone-dev-community/



From what NerveGas is saying on the dev channel, Niacin is not part of the dev team, and the dev team has their own jailbreak that does NOT rely on the tiff exploit. I'm planning on waiting for the dev team to come out with their solution, even though they aren't doing as good at getting the word out.
 

ASTRX

macrumors newbie
Oct 6, 2007
Yep, this is certainly a very temporary situation. It would be impossible to imagine Apple won't close this hole, since it is a security issue.

If I had time, I'd explore how a malformed TIFF could gain you root access. Anybody have a 3 sentence summary?

Edit: Someone said "Apple Approved" applications. Why does Apple have to approve them? They don't for regular Mac applications, thank god. If all apps have to go through some certification scheme, we'll be limited to what we get. In the end, don't install shady apps from shady people (like always) and you'll be fine!
I'm not 100% on this, but basically, when Safari loads the TIFF it places it in the memory heap. Executable instructions are actually allowed to be run from the heap. This means that if the TIFF contains "malicious" code, and the hacker is able to direct the program execution to an address in the heap, the malicious code will be executed. So basically the problem for the hackers has been to redirect the program counter to an address in the heap, which was a bit tricky due to the return address being stored in a dedicated register.

Someone please correct me if I'm wrong.
 
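The article says only that a malformed TIFF handled by mobile Safari gives root, and the post above sketches the heap side; neither shows the parser-side defect. The block below is an added example, not the jailbreak's code nor Apple's or libtiff's, illustrating the class of bug an image parser must avoid: trusting the count and offset fields of the file for the size of a copy. The tag numbers, the two constructed sample files and the function names are assumptions chosen for illustration; the actual bug used by the 1.1.1 jailbreak is not reproduced.

```c
/* Added example (not code from the page, the Dev Team or Apple): a minimal
 * little-endian TIFF IFD walker that refuses entries whose data lies outside
 * the file, beside the unchecked copy pattern that makes a malformed image
 * dangerous. Tag numbers and sample blobs are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum { TIFF_OK = 0, TIFF_ERR_HEADER = -1, TIFF_ERR_IFD = -2, TIFF_ERR_ENTRY = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bytes per element for TIFF field types 1..12 (BYTE, ASCII, SHORT, LONG, ...). */
static const uint32_t type_size[13] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };

/* The classic defect: a tag the format fixes at two SHORTs is read into a
 * two-element array, but the loop bound is the count field from the file.
 * A count of 3 or more writes past out[]. Kept only for contrast; never
 * call it on untrusted input. */
void read_short_pair_unchecked(const uint8_t *p, uint32_t count, uint16_t out[2]) {
    for (uint32_t i = 0; i < count; i++)
        out[i] = rd16(p + 2 * i);
}

/* Hardened: the caller's expectation (exactly two values) wins over the file. */
int read_short_pair_checked(const uint8_t *p, uint32_t count, uint16_t out[2]) {
    if (count != 2) return TIFF_ERR_ENTRY;
    out[0] = rd16(p);
    out[1] = rd16(p + 2);
    return TIFF_OK;
}

/* Validate the header and walk the first IFD. Returns the number of entries,
 * or a negative TIFF_ERR_* code if any entry could make a parser read or
 * write outside the buffer. */
int tiff_check_first_ifd(const uint8_t *buf, size_t len) {
    if (len < 8 || memcmp(buf, "II", 2) != 0 || rd16(buf + 2) != 42)
        return TIFF_ERR_HEADER;
    uint32_t ifd = rd32(buf + 4);
    if (ifd < 8 || ifd > len - 2)                     /* entry count must be readable */
        return TIFF_ERR_IFD;
    uint16_t n = rd16(buf + ifd);
    if ((size_t)n * 12 + 4 > len - 2 - ifd)           /* n entries + next-IFD pointer */
        return TIFF_ERR_IFD;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + 12 * (size_t)i;
        uint16_t type = rd16(e + 2);
        uint32_t count = rd32(e + 4);
        if (type == 0 || type > 12) return TIFF_ERR_ENTRY;
        /* 64-bit product: count * size must not wrap to a small number. */
        uint64_t bytes = (uint64_t)count * type_size[type];
        if (bytes > 4) {                              /* data is out of line, at offset */
            uint32_t off = rd32(e + 8);
            if (off > len || bytes > len - off) return TIFF_ERR_ENTRY;
        }
    }
    return n;
}

/* Constructed sample: header, one IFD with ImageWidth=1 and ImageLength=1. */
const uint8_t tiff_good[] = {
    'I','I', 42,0, 8,0,0,0,                      /* little-endian, IFD at 8 */
    2,0,                                         /* two entries */
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,            /* tag 0x0100 SHORT count 1 value 1 */
    0x01,0x01, 3,0, 1,0,0,0, 1,0,0,0,            /* tag 0x0101 SHORT count 1 value 1 */
    0,0,0,0 };                                   /* no next IFD */

/* Constructed malformed sample: second entry claims 0x40000001 LONGs at
 * offset 8. In 32-bit arithmetic 0x40000001 * 4 wraps to 4, so a naive
 * "fits inline" check passes and the parser reads far past the file. */
const uint8_t tiff_bad[] = {
    'I','I', 42,0, 8,0,0,0,
    2,0,
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,
    0x02,0x01, 4,0, 0x01,0x00,0x00,0x40, 8,0,0,0,
    0,0,0,0 };

int main(void) {
    printf("good: %d entries\n", tiff_check_first_ifd(tiff_good, sizeof tiff_good));
    printf("bad:  %d\n", tiff_check_first_ifd(tiff_bad, sizeof tiff_bad));
    uint16_t pair[2];
    printf("pair with count 3: %d\n", read_short_pair_checked(tiff_good + 10, 3, pair));
    return 0;
}
```

The two checks that matter are the 64-bit product (so a huge count cannot wrap into a size that looks inline) and the rule that a tag with a fixed number of values is read with the parser's expected count, not the file's. Whether code in the heap can then run once the program counter is redirected, as the post above asks, is a separate property of the platform's memory protections and is not something this parser controls.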

appleisbetter

macrumors newbie
Oct 10, 2007
Toronto
iPhone Sadness

Is it just me, or is the whole point of an iPhone/Apple product supposed to be simplicity? I am in Canada, the land of gay marriage and weed. It is also the land of Rogers and therefore years behind the USA. I expect I will never live to see the day I can get an iPhone here with a fair monthly rate, and at a fair price. The dollar is at par and I want to get one in the USA and bring it up here, but I feel at the end of the day having an iPhone in Canada is more trouble than it is worth. Having an iPhone unlocked seems to be more of a headache than it is worth. I am ready to just give up on the iPhone in Canada, and smoke my pain away. :-(
 

plumbingandtech

macrumors 68000
Jun 20, 2007
The current method uses a vulnerability in 1.1.1's mobile Safari to gain root access to the device.
Let's all get the facts straight.

When 1.1.2 comes out and fixes this SECURITY HOLE.... apple is NOT being greedy or evil towards 3rd party apps.

Of course I expect few to remember this and complain, but we now see, as I and others have said, Apple fixes security holes to make the iPhone safer.

And as a result, many or most 3rd party hacks based on this security hole will fail.

Don't like this?

Don't hack your phone. Because this is going to be an endless cycle for the time being.
 

Yateball

macrumors regular
Jul 25, 2007
not necessarily... I had 3rd party applications installed on my iPhone before 1.1.1. I updated, and all that happened was Apple removed the applications.

The people who got "bricked" were people who used the 3rd party unlocks. unlocking is a subset of a jailbreak, if you will. Jailbreaking comes first... it allows developers of all sorts to write applications. Then, unlockers (those who want to unlock the phone to run on any network) write specific applications that will unlock the phone.

Some of those unlocking applications ended up bricking the iPhone when 1.1.1 was applied.
Very informative, I thought apple was "bricking" anyone with 3rd party.... anything.... on their iphone.

Thanks for the info
 

benpatient

macrumors 68000
Nov 4, 2003
So why are threads about running OS X on a PC closed down on this forum when open discussion of hacking is encouraged on the front page of mr.c on a regular basis? "but it's OK, cause it's the iphone and exempt from the rulz!"

Don't get me wrong, I think it is fine to discuss things like this. I just think it stinks that the moderators crack down on "inappropriate" content when someone is talking about violating a software license or getting around copy protection, etc, and then encouraging the exact same things with the iphone. This is MAC rumors, not iPHONE rumors. Maybe start a new site and put a big link at the top of mr.c pointing people towards iphonerumors.com if that's what they want, then relegate iphone conversations to a forum area inside the "Apple hardware" section of the forums list instead of on top of that section in its own section.

The iphone is cool. But I use OS X every day and I want to know about that, not about stupid pointless hacking of safari TIFF files on the iphone. It isn't like this hack will last.

/rant
 

DaBrain

macrumors 65816
Feb 28, 2007
ERIE, PA
The problem is that this is easily "fixable" by Apple AND they can legitimately say it's for security purposes
Yeah, I agree! I don't get all the hype on this! I can see it now. People install a bunch of apps on their iPhone and iPod Touch and several weeks later Apple puts out an irresistible update and wham, all the crying begins again! It's like people are gluttons for self-punishment! A never ending cycle!

Until Apple puts out an SDK I for one would not want to play this game! Good Luck All! :rolleyes:
 

bdj21ya

macrumors 6502a
Sep 13, 2006
So why are threads about running OS X on a PC closed down on this forum when open discussion of hacking is encouraged on the front page of mr.c on a regular basis? "but it's OK, cause it's the iphone and exempt from the rulz!"

Don't get me wrong, I think it is fine to discuss things like this. I just think it stinks that the moderators crack down on "inappropriate" content when someone is talking about violating a software license or getting around copy protection, etc, and then encouraging the exact same things with the iphone. This is MAC rumors, not iPHONE rumors. Maybe start a new site and put a big link at the top of mr.c pointing people towards iphonerumors.com if that's what they want, then relegate iphone conversations to a forum area inside the "Apple hardware" section of the forums list instead of on top of that section in its own section.

The iphone is cool. But I use OS X every day and I want to know about that, not about stupid pointless hacking of safari TIFF files on the iphone. It isn't like this hack will last.

/rant
I think the big difference is that Apple has locked people out of 3rd party development, creating a LOT of pressure to hack. In most cases hacking is only of interest to such a small group, but with the iphone it is becoming a mainstream concern.

Apple failed to lock the original phone very well, and so people got a taste of what the iPhone was really capable of. Now we're just all hoping to have the best of both worlds, Apple's updates, and the software from 3rd parties.

If you ask me, the big concern here is unlockers. While I sympathize, I kind of worry that they increase Apple's incentive to jail the iphone to keep their contract with AT&T.
 