Because it was a remote code execution and privilege escalation bug duo that had the potential to let malicious code execute without user knowledge and that exploit code was already in the wild ?
What is not to understand here ?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Fixes iOS PDF Security Hole With iOS 4.0.2 and 3.2.2
- Thread starter MacRumors
- Start date
- Sort by reaction score
Because it was a remote code execution and privilege escalation bug duo that had the potential to let malicious code execute without user knowledge and that exploit code was already in the wild ?
What is not to understand here ?
What the heck are you talking about?
This particular jailbreak used a dangerous security hole on the iPhone, to do something good. Irregardless of the jailbreak, Apple are obliged to patch it. It is a huge security risk. Heck, the patch is even available in Cydia. May be you should as well go complaining to the jailbreak devs for releasing a patch to their own jailbreak.
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_2 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Mobile/8A400)
I've yet to have a single issue with my iPhone 4, nor have any of my colleagues. Updated my phone. Last thing I need is a hack of my data. No plans to jailbreak an already amazing phone. Love my warranty esp for business purposes.
I've yet to have a single issue with my iPhone 4, nor have any of my colleagues. Updated my phone. Last thing I need is a hack of my data. No plans to jailbreak an already amazing phone. Love my warranty esp for business purposes.
For those who want to use iPhone / iPad in business this is an important upgrade and help to get back some confidence of your IT Security guys. Nothing is worse then a too simple click'n'break jailbreak solution.
Is there anyone out there in MacRumorsLAND besides myself that actually did the update? LMAO...
I updated once I got to the 4-5th page of this thread. I'm a consumer that likes to protect his investment, literally; I'd rather keep my identity and money in my bank than have some IT nerd take it.
It doesn't take much to get educated fellas, not only are there smart folks in the world of IT and Computer Science on these forums trying to let you know what's going on I'm sure Apple's not trying to sell products that have a major hole. Thus you have these updates. Now lets be big boys now and not have to have our mommies tell us to update and educate ourselves and understand it better.
Some of the replies on this thread have been amusing, you can really tell the the winners apart. hah
Cos thats whats happening in my case..... After 10 minutes it still wasn't letting my laptop connect to the internet. I had to do other things at that point: I was watching my team play cricket via Sky player on the phone.
If someone else is successful that's great, I'll try again when I've more time....
Your logic confuses me, but I'm easily confused so that's no surprise. Is your life so frantic and busy that it's out of the question to pause for a couple of minutes to run an update? I plugged my phone in, hit the update button and was finished within a matter of 5 minutes. I'm sure the time it took you to log into the forum and post, you could have updated the software on your iPod.
For those asking, the Handy Light tethering update still works for me after the update with the expected speeds and latency I had before.
Good lord chicken little, what is the worst thing that could happen? Some hacker renders my phone inoperable? Hell, AT&T does that every time I roll up the windows in my car!
I'm not jailbroken, have no desire to put that crap on my phone in the first place, but then again I don't see this 'vulnerability' being any worse than the other dozen that exist that haven't been acknowledged yet.
Oh I sure as hell am not going to update my iPod. I jail broke it and then patch the hole that took apple weeks to fix.
I understand not wanting to update if you're jailbroken. If my phone was jailbroken, I wouldn't update either. A few people mentioned the file size of the update as though that would deter them from updating and that just strikes me as odd.
This isn't a DoS vulnerability where the worst that can happen is a phone crash. This is a remote code execution and a privilege escalation bug. The worse that can happen is anything really. Someone could make it so that every e-mail the Mail app receives is forwarded to them, they could make it so your bank app sends your account information to them, they could make your phone into a zombie node for a DDoS which could drive up your data bill...
It's worse because it's acknowledge. Not only that, there's exploit code in the wild. Not only that, the exploit code was made to successfully deliver and execute a payload.
This is the worse vulnerability there is basically. If you know even a little something about computer security, you understand this. If you don't, well, we get comments like yours.
You don't ever search for things on Google and then click whatever links pop up ?
And social engineering my friend, it's the best tool they've got. They'll make you think you trust the link, and then you're done.
And again, no need to craft a link and have you click it. Javascript is free to download and open whatever it is they want. All they need is to get you to visit a website.
You don't ever search for things on Google and then click whatever links pop up ?
Very rarely, and even less frequently on my phone. The chances of finding a malicious PDF file in the first page of Google search results are very slim (unless you search for something dodgy to begin with).
I'm not saying that Apple shouldn't have fixed this flaw, I just don't think it's as important as other issues that they've not fixed nearly two months after release.
And by "we" I assume you are referencing the other Jerks???
Get that stick out of your butt and stop being a bully !
No reason to be condescending
Ever type in passwords to things such as email (work or personal), banking, or other possibly sensitive stuff?
Would you rather Apple left this security hole alone until AFTER someone, using the same method as the jailbreak without the "Do you wish to continue?" sneaks a keylogger onto your phone?
Or a Auto-dialer that calls 1-900 numbers?
Once the site was listed as open, it wasn't hard for someone to trace the public files and find the PDFs.
??
Apple can no longer sue your for DCMA (one of the "lets sue grandma for X x $1000 dollars! laws) infringement when/if you jailbreak - that is all. They do not have to leave a way for you to jailbreak.
well the 300 meg down load takes most people 10-15 mins to download some times longer. That is long enough to keep people from wanting to spend the time to download it for what they see is a VERY MINOR update. To most people it is just some random small update to fix some bug. Most people do not know about this huge hole iOS security.
Glad Apple finally fixed this hole.
At least some ppl do understand how serious this remote root exploit actually is. Yes, i´m jailbroken too, and tbh Multitasking does work pretty neat on an old 3G Phone, you just need to use iFile instead of using bloated Jailbreak Tools. But heck, i´ll update anyway, don´t wanna get exploited by this. Hackers could make the phone do anything they desire by me just visiting a website.
At least some ppl do understand how serious this remote root exploit actually is. Yes, i´m jailbroken too, and tbh Multitasking does work pretty neat on an old 3G Phone, you just need to use iFile instead of using bloated Jailbreak Tools. But heck, i´ll update anyway, don´t wanna get exploited by this. Hackers could make the phone do anything they desire by me just visiting a website.