Another possible exploit that could be used to JB a 3.1.3 3GS

Discussion in 'Jailbreaks and iOS Hacks' started by Applejuiced, Mar 25, 2010.

  1. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #1
    Another hole that could be possibly used to JB a stock 3.1.3 3GS
    The future looks bright again for the mouse :D
    Taken from iClarified:

    An iPhone exploit demonstrated at the CanSecWest conference today could bring back easy jailbreaks from the 1.x iPhone days.

    Wednesday, researchers hacked a non-jailbroken iPhone, Safari on Snow Leopard, and both IE 8 and Firefox on Windows 7.

    Charlie Miller won $10,000 after hacking Safari on a MacBook Pro without having physical access to the computer.

    Ralf Philipp Weinmann of the University of Luxembourg, and Vincenzo Iozzo of German company Zynamics, hacked the iPhone and will receive a $15,000 prize.

    Interestingly, their hack could mean good news for those looking to jailbreak. Iozzo and Weinmann spent two weeks designing a way to steal the contents of the iPhone SMS database.

    To accomplish the attack the iPhone needs to visit a Web site which hosts the exploit code. "The payload executes and uploads the local SMS database of the phone to the server we control," said Weinmann.

    They bypassed digital code signatures using a technique known since 1997 but never used on an ARM processor. The exploit then looked for chunks in Apple's code that could be pieced together to accomplish the attack.

    While the attack was used to grab just the SMS data, it could also be used to perform a jailbreak on the device, according to MuscleNerd from the iPhone Dev-Team.

    "Congrats to @_snagg and @esizkur. This potentially re-opens userland jailbreaks that haven't been around since 1.x days (jailbreakme.com)"

    "the bug they used should exist in 3.1.3 MobileSafari on all iphones/ipods though the actual payload bytes may differ"

    MuscleNerd warns that Apple will likely close this bug as soon as possible...

    "Userland exploits affect security for all iPhones so expect Apple to close these as soon as they can. JBers avoid updates!"
     
  2. dhlizard macrumors G4

    dhlizard

    Joined:
    Mar 16, 2009
    Location:
    The Jailbreak Community
    #2
    Yea, watch for 3.1.4 any day now (since this has been exposed, it will be closed quickly, I'm sure)
    Actually, this is a real security worry and this one should be closed as I understand it.
     
  3. Applejuiced thread starter macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #3
    I wonder if they will patch it quick or take their time :)
     
  4. thelatinist macrumors 603

    thelatinist

    Joined:
    Aug 15, 2009
    Location:
    Connecticut, USA
    #4
    Note: I originally mistakenly posted this post in another thread:

    This is actually one exploit I won't be sorry to see Apple close. An exploit that allows a malicious website to jailbreak my iPhone without my knowledge and gives it access to my entire file system is just not cool.
     
  5. Applejuiced thread starter macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #5
    I hear that.
    I wonder how fast Apple patches that with a firmware update. Now we gotta be extra careful what links or sites we visit too.
     
  6. thelatinist macrumors 603

    thelatinist

    Joined:
    Aug 15, 2009
    Location:
    Connecticut, USA
    #6
    I would actually upgrade to 3.1.4 custom if they released a patch for this exploit. I'm still on 3.1.2 and see no reason to go to 3.1.3.
     
  7. simer macrumors newbie

    Joined:
    Mar 8, 2010
    #7
    Wow! You see this exploit as that serious? I've seen a few people post that this isn't a good thing, but you are the first I have seen who has explained why. Do you feel it would be relatively easy for some unscrupulous type to attack our phones through a malicious website?

    Am I right in thinking they essentially fund these competitions by selling the information back to the manufacturers they hack? Here's hoping Apple do close this one quickly if it's as dodgy as you think!
     
  8. dhlizard macrumors G4

    dhlizard

    Joined:
    Mar 16, 2009
    Location:
    The Jailbreak Community
    #8
    Correct! This is an open portal to access anyone's phone.

    Don't know if they sell this back, but Apple surely knows about it now.
     
  9. simer macrumors newbie

    Joined:
    Mar 8, 2010
    #9
    Hmm... slightly concerning. I am assuming those of us with a new bootrom don't have the option to upgrade to a custom 3.1.4 (if Apple release it) as thelatinist is considering doing?
     
  10. dhlizard macrumors G4

    dhlizard

    Joined:
    Mar 16, 2009
    Location:
    The Jailbreak Community
    #10
    (Original reply removed as it makes assumptions about not yet available JB tools)

    Edited: We shall have to wait to see what tools might be released.
     
  11. thelatinist macrumors 603

    thelatinist

    Joined:
    Aug 15, 2009
    Location:
    Connecticut, USA
    #11
    I'm sure this was just temporary amnesia on your part, because I know you know that new bootrom phones cannot be pwned.
     
  12. dhlizard macrumors G4

    dhlizard

    Joined:
    Mar 16, 2009
    Location:
    The Jailbreak Community
    #12
    Since we were speaking hypothetically, I was sort of assuming the untethered jailbreak could/might/maybe get incorporated into any new JB tools.

    Guess I should restrain my "free thoughts" license so as not to give false hope.

    Actually, I considered just replying with "we will have to see when and if 3.1.4 gets here". In hindsight, it would have been a better response. :eek:

    Thanks for "looking out".
     
  13. simer macrumors newbie

    Joined:
    Mar 8, 2010
    #13
    I knew what you meant though. I know we're all speculating somewhat, but to be honest I'm assuming the next jb I get to use (as a new bootrom 3GS owner) will be for OS 4.0 or 3.2 at the earliest so I'll just have to look out for dubious looking websites and ignore the speculated 3.1.4 update the same as I do 3.1.3.
     