Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Fixes iOS PDF Security Hole With iOS 4.0.2 and 3.2.2

KnightWRX said:
What is more important than a Remote Root vulnerability that has exploit code out in the wild ? I seriously hope you're not even near being in charge of computers where you work. :rolleyes:
Click to expand...

You got that right, not even close of being in charge of computers. But come on, rushing to fix a hole that allowed jailbraking and take forever to update other stuff? I don't agree that this should be a top priority that's all I'm saying.
 
ranguvar said:
About time. Apple needs to improve their security hole fixing speed...
Click to expand...

Most likely the fix itself was straightforward, but maybe they did some 'fuzzing' or other security analysis in order to prevent similar attacks in the future...?
 
GadgetAddict said:
You got that right, not even close of being in charge of computers. But come on, rushing to fix a hole that allowed jailbraking and take forever to update other stuff? I don't agree that this should be a top priority that's all I'm saying.
Click to expand...
No - this is to fix a major exploit that allows root access. That is the main problem that they are fixing. That you can use this exploit this to jailbreak is irrelevant.
 
ianray said:
Most likely the fix itself was straightforward, but maybe they did some 'fuzzing' or other security analysis in order to prevent similar attacks in the future...?
Click to expand...

Well it looks like part of the Safari/PDF vulnerability was caused by the open source FreeType font library, as explained in Apple's security notes and this note from the FreeType guys: http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

I bet a lot of Apple's security issues are caused by the open source software they use. Probably any other software that uses FreeType will be vulnerable until patched, too.

So the question is does Apple have the resources to fix such problems in third party libraries, or does it have to wait for the developers of these libraries to fix the problems first?
 
rwilliams said:
There's a download for jailbroken phones that will warn you whenever a PDF tries to open and requires explicit permission by the user. We'll be all right. :)
Click to expand...

For jailbroken phones. You made my point. It doesn't get installed automatically (unless something has changed) and if people aren't updating to 4.0.2/3.2.2 because they just don't care then they don't get that silly prompt because they aren't jailbroken.

While you may be fine with it, the vast majority of users are not jailbroken.
 
carmenodie said:
You have your nerve. You're a mere whatever but certainly not an Apple engineer.
Must be great, at least in your own mind, to sit back and criticize something of this nature.
Besides, what is more stupid than you jailbreakers heading to a JB website to download code into your device without knowing who the hell the people are behind it. Suckers comes to mind.
Click to expand...

If you knew anything about jailbreaking you would realize how ignorant your statement is. Cydia is its own app store and has its own approval process for repositories. Not just any schmuck can throw an app in there.

And if anything did have an exploit it would get reported and fixed or deleted much faster than through Apple. The jailbreaking community is very supportive and much more knowledgable than the average iPad/iPhone user that doesn't even really know how to fully utilize the device. Most just consider it a toy, which it can be, but it can also be so much more if you want it to be.

You are allowing Apple to lock you down and you just accept it. If you ask me, you are the sucker.

Now I can't speak for those that use the jailbreak to steal apps because I am not one of them, but they get what they deserve if they happen to get exploited while stealing.
 
tigres said:
An update worth skipping
Click to expand...
Yeah, you should skip it. It's just correcting a security hole allowing anybody to execute any code on your device.

It seems that stupidity has no limit ...:rolleyes:
 
dukebound85 said:
We get it lol
Click to expand...

Obviously some don't since people are still saying they won't upgrade or that "thanks for stopping jailbreaks Apple!".

You do understand that while you might read the whole thread, most people don't right ? :rolleyes:

GadgetAddict said:
You got that right, not even close of being in charge of computers. But come on, rushing to fix a hole that allowed jailbraking and take forever to update other stuff? I don't agree that this should be a top priority that's all I'm saying.
Click to expand...

And in the world of IT, remote root vulnerabilities are the toppest of top priorities. Who cares that your gizmo doesn't quite turn off the screen right when held close when the outside world has access to anything and everything on your phone ? Seriously, you'd rather not have to hold 1 model of the phone an inch away than not have to worry about someone getting a hold of your entire identity and access to your e-mails, bank info and other important stuff while you surf the web whatever model you use ?

Wow. Priorities. As a 3GS user, I'm glad Apple understand what is more important here.
 
GadgetAddict said:
You got that right, not even close of being in charge of computers. But come on, rushing to fix a hole that allowed jailbraking and take forever to update other stuff? I don't agree that this should be a top priority that's all I'm saying.
Click to expand...

Then you're wrong. Pure and simple, no haggling wrong!
 
Thanks to the JB community for finding a serious hole, and thanks to Apple for plugging it promptly :)
 
ekfaith said:
:apple: Hmmmm, wonder if this fixes the slowwwwwwwness issues with the 3G?
Click to expand...

Why is it so hard for people to understand that this update just closes the security hole, just like the release notes say?? Any other potential updates will be in 4.1.
 
Simplicated said:
Seriously? No update for ipt1 and original iPhone?

Apple’s effort in persuading users to upgrade starts to annoy me, seriously.
Click to expand...

Well, they aren't supported anymore...

ekfaith said:
:apple: Hmmmm, wonder if this fixes the slowwwwwwwness issues with the 3G?
Click to expand...

4.1.

Simplicated said:
I bet you didn't understand that I meant Apple should have released a 3.1.4 update.
Click to expand...

dukebound85 said:
Yet the same exploit was used:rolleyes:
Click to expand...

This I do agree with. They're leaving legacy users open to the hole.
 
will this unjailbreak my phone if i already jailbroke it? it doesnt make sense because apple can shut out people who jailbreak their phone. it isnt illegal so they cant patch a jailbroken phone everytime. why cant they just fix the flaw without unjailbreaking the phone
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back