1.1.1 Jailbreak Complete, Security Ramifications

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 10, 2007.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Engadget's Ryan Block has confirmed that a beta test of the latest jailbreak method for the 1.1.1 firmware of the iPhone and iPod touch works.

    The current method uses a vulnerability in 1.1.1's mobile Safari to gain root access to the device. Currently, this is the only method available to jailbreak an already upgraded iPhone or iPod Touch, as previous methods relied on firmware 1.0.2 still being available.

    While the developers are using the Safari vulnerability for somewhat benevolent purposes, it does raise a potential security issue for users. The vulnerability lies in mobile Safari's handling of TIFF images, where viewing a malformed TIFF image allows root access to the device.

    While the jailbreak is now complete from all angles, it still does not mean that the methods are ready for adoption by general users. We will consider it ready when Installer.app (or equivalent) is updated for the latest firmware.

    Ongoing iPhone coverage at macrumors.com/iPhone

  2. shoelessone macrumors 6502

    Jul 17, 2007
    Woot! Sort of. Well, I def. consider this good news :)

    edit: does anybody know what this means for iPhone AT&Tless activation? I've been waiting to buy an iPhone until the thing can be activated without AT&T service....
  4. JonHimself macrumors 68000


    Nov 3, 2004
    Toronto, Ontario
    The problem is that this is easily "fixable" by Apple AND they can legitimately say it's for security purposes.
  5. fanbrain macrumors 6502


    Jan 31, 2005
    So. UT
    I haven't installed jailbreak before, but I'm planning to once Installer.app is available. I can't wait.
  6. matthewHUB macrumors 6502

    Nov 29, 2005
    so much for OS X security.... :rolleyes:

    I'd rather have a secure web browser and some decent Apple-approved applications than install this.
  7. dscottbuch macrumors member

    Mar 13, 2002
    Not really good news

    This will certainly be fixed in 1.1.2, and not to frustrate the iPhoneDevTeam but because it's an actual security issue. Then what? Without the key to decrypt the frameworks, 1.1.2 will break all of the apps developed here, again, not because Apple wants to frustrate hackers but because they are continuing to change/develop the API.
  8. longofest Editor emeritus


    Jul 10, 2003
    Falls Church, VA
    As much as some people don't like the iPhone Dev team and don't want to actually install the 3rd party apps they develop, you have to say this about them... they find Apple's bugs :)
  9. mainstreetmark macrumors 68020


    May 7, 2003
    Saint Augustine, FL
    Yep, this is certainly a very temporary situation. It would be impossible to imagine Apple won't close this hole, since it is a security issue.

    If I had time, I'd explore how a malformed TIFF could gain you root access. Anybody have a 3 sentence summary?

    Edit: Someone said "Apple Approved" applications. Why does Apple have to approve them? They don't for regular Mac applications, thank god. If all apps have to go through some certification scheme, we'll be limited to what we get. In the end, don't install shady apps from shady people (like always) and you'll be fine!
  10. dvkid macrumors regular

    Feb 18, 2006
    This is all good and well, but now we KNOW Apple will fix this in their next update as it is a security vulnerability. In fact, now that it has been brought to light I wouldn't be surprised to see a security update in the next couple of days. Sure, you don't have to install it, but all new iPhones and Touches will already not be able to use this method.

    Just seems to be like a whole lot of effort and time going into something that is becoming progressively easier to brick wall.
  11. Yateball macrumors regular


    Jul 25, 2007
    I don't understand how people could install this, knowing full well that the next firmware update will make their device unusable.

    Correct me if I'm wrong, but won't your iPhones all "brick" once Apple fixes this problem and releases the next firmware?
  12. xelphy macrumors newbie

    Jun 30, 2007
    What about unlocked 1.0.2 iPhones?

    I unlocked mine, and it is still 1.0.2 (as I fear that upgrading to 1.1.1 will brick it!) --

    Is anyone else in this situation? I mean I love having it unlocked and with all the apps, but sure I'd like to have my cake and eat it too (unlocked/apps, AND 1.1.1)...

  13. Greydog macrumors member

    Mar 4, 2004
    Because one would imagine that once you jailbreak it, you wouldn't be foolhardy enough to upgrade the firmware to 1.1.2 and re-lock it again.
  14. longofest Editor emeritus


    Jul 10, 2003
    Falls Church, VA
    Not necessarily... I had 3rd party applications installed on my iPhone before 1.1.1. I updated, and all that happened was Apple removed the applications.

    The people who got "bricked" were people who used the 3rd party unlocks. Unlocking is a subset of a jailbreak, if you will. Jailbreaking comes first... it allows developers of all sorts to write applications. Then, unlockers (those who want to unlock the phone to run on any network) write specific applications that will unlock the phone.

    Some of those unlocking applications ended up bricking the iPhone when 1.1.1 was applied.
  15. bdj21ya macrumors 6502a


    Sep 13, 2006
    From what NerveGas is saying on the dev channel, Niacin is not part of the dev team, and the dev team has their own jailbreak that does NOT rely on the tiff exploit. I'm planning on waiting for the dev team to come out with their solution, even though they aren't doing as good at getting the word out.
  16. sblasl macrumors 6502a


    Apr 25, 2004
    Heber Springs, AR
    You have obviously made a decision to remain in the past. This appears to be the only way to move forward, and it is basically on a course of disaster if you so choose to embark on it. I certainly would not.

  17. bdj21ya macrumors 6502a


    Sep 13, 2006
    So just to be clear, Niacin is not on the dev team, and the dev team does reportedly have their own jailbreak, not relying on the tiff exploit.

    I hope that the News mods will research this and post an update to this article so we can all avoid confusion.
  18. sblasl macrumors 6502a


    Apr 25, 2004
    Heber Springs, AR
    Looks Like There Is Trouble in Paradise

    Looks like there is trouble in paradise. First signs of a schism in the iPhone dev community:


  19. ASTRX macrumors newbie

    Oct 6, 2007
    I'm not 100% on this, but basically, when Safari loads the TIFF it places it in the memory heap. Executable instructions are actually allowed to be run from the heap. This means that if the TIFF contains "malicious" code, and the hacker is able to direct the program execution to an address in the heap, the malicious code will be executed. So basically the problem for the hackers has been to redirect the program counter to an address in the heap, which was a bit tricky due to the return address being stored in a dedicated register.

    Someone please correct me if I'm wrong.
  20. appleisbetter macrumors newbie

    Oct 10, 2007
    iPhone Sadness

    Is it just me, or is the whole point of an iPhone/Apple product supposed to be simplicity? I am in Canada, the land of gay marriage and weed. It is also the land of Rogers and therefore years behind the USA. I expect I will never live to see the day I can get an iPhone here with a fair monthly rate, and at a fair price. The dollar is at par and I want to get one in the USA and bring it up here, but I feel at the end of the day having an iPhone in Canada is more trouble than it is worth. Having an iPhone unlocked seems to be more of a headache than it is worth. I am ready to just give up on the iPhone in Canada, and smoke my pain away. :-(
  21. plumbingandtech macrumors 68000

    Jun 20, 2007
    Let's all get the facts straight.

    When 1.1.2 comes out and fixes this SECURITY HOLE.... Apple is NOT being greedy or evil towards 3rd party apps.

    Of course I expect few to remember this and complain, but we now see, as I and others have said, Apple fixes security holes to make the iPhone safer.

    And as a result, many or most 3rd party hacks based on this security hole will fail.

    Don't like this?

    Don't hack your phone. Because this is going to be an endless cycle for the time being.
  22. Yateball macrumors regular


    Jul 25, 2007
    Very informative, I thought apple was "bricking" anyone with 3rd party.... anything.... on their iphone.

    Thanks for the info
  23. benpatient macrumors 68000

    Nov 4, 2003
    So why are threads about running OS X on a PC closed down on this forum when open discussion of hacking is encouraged on the front page of mr.c on a regular basis? "but it's OK, cause it's the iphone and exempt from the rulz!"

    Don't get me wrong, I think it is fine to discuss things like this. I just think it stinks that the moderators crack down on "inappropriate" content when someone is talking about violating a software license or getting around copy protection, etc, and then encouraging the exact same things with the iphone. This is MAC rumors, not iPHONE rumors. Maybe start a new site and put a big link at the top of mr.c pointing people towards iphonerumors.com if that's what they want, then relegate iphone conversations to a forum area inside the "Apple hardware" section of the forums list instead of on top of that section in its own section.

    The iphone is cool. But I use OS X every day and I want to know about that, not about stupid pointless hacking of safari TIFF files on the iphone. It isn't like this hack will last.

  24. DaBrain macrumors 65816


    Feb 28, 2007
    ERIE, PA
    Yeah I agree! I don't get all the hype on this! I can see it now. People install a bunch of apps on their iPhone and iPod Touch and several weeks later Apple puts out an irresistible update and wham, all the crying begins again! It's like people are gluttons for self-punishment! A never ending cycle!

    Until Apple puts out an SDK I for one would not want to play this game! Good Luck All! :rolleyes:
  25. bdj21ya macrumors 6502a


    Sep 13, 2006
    I think the big difference is that Apple has locked people out of 3rd party development, creating a LOT of pressure to hack. In most cases hacking is only of interest to such a small group, but with the iPhone it is becoming a mainstream concern.

    Apple failed to lock the original phone very well, and so people got a taste of what the iPhone was really capable of. Now we're just all hoping to have the best of both worlds, Apple's updates, and the software from 3rd parties.

    If you ask me, the big concern here is unlockers. While I sympathize, I kind of worry that they increase Apple's incentive to jail the iPhone to keep their contract with AT&T.
