Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Fixes iOS PDF Security Hole With iOS 4.0.2 and 3.2.2

I really need Apple to fix the proximity sensor issue and send that out by itself right away. I mute myself every single time.
 
To those complaining about the size of updates for iOS, reinstalling iOS at each update (especially with recent root escalation exploit) eliminates any malicious software that may have been installed due to an exploit.

This promotes security and saves them from having to include software that can find malicious code to remove it. Such programs (antivirus software) are bloated, eat up resources, and reduce battery life.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

Pecker said:
Looking to see if this will fix the proximity sensor bug as well...
Click to expand...

The proximity sensor is a non-issue. Just don't hold it up to your face!

Be sure to drink your ovaltine.
 
Warbrain said:
Rather than fix a major security hole? Get back to your Windows XP.
Click to expand...

It's a major security hole, but it's not likely to be exploited (or rather, I don't expect people would actually experience a malicious attack on their phone - I'm not aware of any "in the wild" malicious usage of the exploit).

If people can't use their phone because it's too slow or the proximity sensor fails and it hangs up their calls that's far more important.
 
madmaxmedia said:
Or not, since dev team is one of the most well-respected hacking groups around.

The only thing I will say, is that the jailbreak made the exploit widely known, such that someone else might learn about it and try to use it. But at the same time, making the exploit widely known probably reduced the response time for Apple to fix it.
Click to expand...

But how exactly did this exploit become known? A small handful of people knew how to exploit this hole for jailbreaking purposes. Did they then start blabbing about exactly how they did it? Who let the media know it was due to code hidden in a font from a downloaded PDF? And if this exact security hole wasn't disclosed by the dev team, would've Apple been able to find it and patch it?
 
Please Apple Fix a Real Problem.......

scottnj1966 said:
I really need Apple to fix the proximity sensor issue and send that out by itself right away. I mute myself every single time.
Click to expand...

I here ya......a few more weeks and ill trade this iPhone 4 for a good 3gs....gezzzzz

Almost every call is a problem......Only good thing is......My minutes have went down lol.........I'm just not using the phone as much.... :mad:
 
GadgetAddict said:
You got that right, not even close of being in charge of computers. But come on, rushing to fix a hole that allowed jailbraking and take forever to update other stuff? I don't agree that this should be a top priority that's all I'm saying.
Click to expand...

If the demonstration code for this hole had been to steal data off of iPhones and post it on a website rather than jailbreaking the phone, would your sense of urgency change? Because you can bet code to steal data is either already in the wild or is close and will soon be using this same method.

GodWhomIsMike said:
Let me get this straight... The only thing Apple "fixed" with this update was to close the loophole where you can jailbreak it from a website? So, nothing has been done for those iPhone 3G users like me, who have been suffering with horrible performance issues since upgrading to iOS4?
All Apple seems to care about it how you use the phone, and not how well the phone actually works. I'll remember this when it comes time to replace my phone in a few months, that is, if I can wait that long with this super slow iPhone 3G.
Click to expand...

Unlike the 3Gs and 4, can't the 3G can be restored with older versions of iOS? If so, why not go back to 3.x until performance issues on the 3G are fixed?
 
Nice and smooth update with only a very short downtime.

Good job Apple. iOS 4.1 next please! :)
 
Daveoc64 said:
It's a major security hole, but it's not likely to be exploited (or rather, I don't expect people would actually experience a malicious attack on their phone - I'm not aware of any "in the wild" malicious usage of the exploit).

If people can't use their phone because it's too slow or the proximity sensor fails and it hangs up their calls that's far more important.
Click to expand...

No, it's not. Major security holes need fixing first. Just because you, with your all-knowing mind, don't know of any active code execution involving this exploit outside of the jailbreak doesn't mean they aren't out there.

And, as I've said before to other users...4.1.
 
Warbrain said:
It's not a stupid jailbreaking hole. It's an exploit that allows for arbitrary code execution.
Click to expand...

Apple's software quality not up to the mark lately...

"Everything works" to "Everything breaks" -> not sure when they will go to the level microsoft, kinda irritating...

better hire additional resources to manage ever growing business!
 
jzuena said:
Unlike the 3Gs and 4, can't the 3G can be restored with older versions of iOS? If so, why not go back to 3.x until performance issues on the 3G are fixed?
Click to expand...
Yes it can. And I've done exactly that with my 3G. But I'm hopeful for a future update that will perform better. I expect it's a hope never to be realized though. Older hardware gets left behind as software matures.
 
dukebound85 said:
so my first gen ipod touch is out of luck? stuck with this vulnerability forever?
Click to expand...

Yeah it is starting to look like it. My gen one is also stuck. I am not feeling good about having my bank app on it now. Remote code execution plus bank info is not a good thing.
 
kas23 said:
But how exactly did this exploit become known? A small handful of people knew how to exploit this hole for jailbreaking purposes. Did they then start blabbing about exactly how they did it? Who let the media know it was due to code hidden in a font from a downloaded PDF? And if this exact security hole wasn't disclosed by the dev team, would've Apple been able to find it and patch it?
Click to expand...

There are ways to capture the PDF that contains the jailbreak code that is essentially not much different than a potential exploit with malicious intent.

Malware coders just have to get that PDF and look at it to figure out how to make their own exploit. Then they have to write a payload that reliably runs and that is the part that is difficult. But, this jailbreak shows them the vulnerabilities that are reliably exploitable so there is less work for them to do to create a payload that reliably works in the wild.
 
KnightWRX said:
Everyone who doesn't upgrade deserve whatever happens next in regards to this vulnerability. Remote root exploits should be plugged ASAP by anyone who values their computing experience.
Click to expand...
I'm done with Apple. I had a perfectly good running 3GS with 3.1.3 and I upgrade to 4.0 and experience dropped calls weak signal and slow performance on the net that locks up all the time. I upgrade again thinking this can't get any worse to 4.0.1 and it's better than 4.0 but my connection and signal still suck.. 4.2???? What's next??? it will be more suprises I'm sure and not for the better. At least I know what piece of crap OS I have and why it sucks, don't need no new problems in 4.2 :) No jailbreak with 4.2? LOL if Apple provided me with 3.1.3 performance I would of never jailbroke my phone. I'm not losing my jailbreak, hell it's the only hope my phone has and I'm tired of Apples controlling dictating ways. it's my phone leave it alone.
 
shanmugam said:
Apple's software quality not update the mark lately...

"Everything works" to "Everything breaks" -> not sure when they will go to the level microsoft, kinda irritating...

better hire additional resources to manage ever growing business!
Click to expand...

You make me laugh. An exploit in an open source font is hardly Apple's fault but Apple stepped up and fixed it.

munkery said:
There are ways to capture the PDF that contains the jailbreak code that is essentially not much different than a potential exploit with malicious intent.

Malware coders just have to get that PDF and look at it to figure out how to make their own exploit. Then they have to write a payload that reliably runs and that is the part that is difficult. But, this jailbreak shows them the vulnerabilities that are reliably exploitable so there is less work for them to do to create a payload that reliably works in the wild.
Click to expand...

All it takes is going to the file list of jailbreakme.com to get the PDFs and analyze it yourself. Simple.
 
Daveoc64 said:
What help is that?

1) It's not out yet

2) It's not reported to fix the proximity sensor.

Almost 1/6th of the iPhone 4's expected lifecycle has gone and the proximity sensor issue still remains.
Click to expand...

Until someone provides a source that 4.1 isn't fixing the proximity sensor issues - which I had on my first iPhone 4 when outside but not on my replacement - I think you all are spreading fud.

shanmugam said:
are you sick of software updates now? :D
Click to expand...

Nope, it was nice to get out of bed.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back