MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,967
14,713
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png


215951-ios_4_lock.png


Over the weekend, a new Web-based jailbreak became available for iOS devices, offering users a simple method to open their devices to installation of unauthorized third-party applications.

At the time, we noted potential security implications of the method, which involves a security hole in how the mobile Safari browser included on all iOS devices handles embedded fonts. Exploiting the hole allows a remote site to gain control over a user's device. In the case of the new JailbreakMe site, the exploit is offering a convenient delivery method for a service, but others could use the same method for malicious purposes.

Reuters reports that it has received an official response from Apple on the issue, which notes only that it is investigating the security hole.
Company spokeswoman Natalie Harrison said the company was aware of the report.

"We're investigating," she said.
There is no word yet on a timetable for a fix. While many users are no doubt appreciative of the simple jailbreak method, Apple will certainly want to close the security hole as quickly as possible to both prevent malicious exploitation of it and to thwart the simple jailbreak process, a system modification frowned upon by the company.

Article Link: Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak
 

3goldens

macrumors 68000
Feb 26, 2008
1,783
99
that certainly males sense!

Lets hope our friends who do all the hard work figuring this stuff out find another exploit when the new updates come out!
 
Comment

Corruptitudes

macrumors regular
Nov 24, 2009
100
0
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
 
Comment

rockosmodurnlif

macrumors 65816
Apr 21, 2007
1,062
71
New York, NY
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
What do you think they've been doing? That's like saying after someone kicks in the door to rob an apartment, "well you shouldn't have had any doors, that just gives criminals a way in."
 
Comment

Full of Win

macrumors 68030
Nov 22, 2007
2,615
1
Ask Apple
Can't have users enjoying choice....now can we? Once upon a time Steve Jobs said that Apple believed in choice when talking about Internet Explorer. How times have changed :mad:

This jailbreak was way too easy. Bothers me a little.

Funny thing is, to fix the PDF exploit, you need to JB your phone and then get the update. Yes, right now, you need to JailBreak your phone to make it more secure.
 
Comment

DMann

macrumors 601
Jan 13, 2002
4,001
0
10023
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

Actually, all the more reason to allow jail-broken phones, or at least attempts to make them so.

This mischief will, in turn, enhance and accelerate security measures, by revealing any holes or vulnerabilities before they can be exploited by foul play.
 
Comment

astubbs

macrumors newbie
Oct 16, 2008
13
0
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.
 
Comment

JavierP

macrumors regular
Mar 17, 2008
133
0
I wonder why Apple isn't using the magic powder that prevents OS X from having viruses on iOS so that this jailbreak thing cannot happen
 
Comment

zub3qin

macrumors 65816
Apr 10, 2007
1,311
0
How is it that media is able to get Apple to comment on this, but no media is asking Apple what is going on with the proximity sensor problem?
Or has the media asked apple and they are not commenting?
 
Comment

mattwolfmatt

macrumors 65816
Jun 7, 2008
1,039
68
"We're investigating" she said.

Is there a mandatory course for Apple upper management on how to write brief, succinct e-mails?
 
Comment

GoCubsGo

macrumors Nehalem
Feb 19, 2005
35,741
149
Investigating defined by Apple: figuring out how you little ****ers did that and forcing an update to ensure you people never have control of your phones.
 
Comment

coolfactor

macrumors 603
Jul 29, 2002
5,028
5,445
Vancouver, BC
You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.

You mean _most_ people. Most people can't be bothered with such stuff. My opinion is that it is best to pressure Apple to make the best, most functional device possible, not bypass Apple's design parameters and restrictions. Apple's blessing is important to me, I guess. Call me a fanboy. lol
 
Comment

severe

macrumors 6502a
May 23, 2007
721
56
Here come the neanderthals to exclaim, "this is why I don't jailbreak!"

In ...3 ...2 ...1
 
Comment

alent1234

macrumors 603
Jun 19, 2009
5,688
170
Obviously, like Apple, nobody cares about cracking OS X, only iPhones.

/hyperbole

got a strange email today about getting a $1000 apple gift card. used to be that i'd click suspicious links on my iphone because i thought it was more secure. no way will i do it now.

wouldn't be surprised if this is going to turn into a wave of OS X viruses
 
Comment

BTW

macrumors 6502
Mar 4, 2007
438
0
Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.
 
Comment

Tyre

macrumors regular
May 23, 2010
143
0
Baltimore, MD
Good move Apple. Yes they want to stop jailbreaking, but I trust the iPhone Dev Team to find another way in (they already admitted to having one). This is a good hole to fix so I can continue to errantly download PDFs from people I don't know.
 
Comment

alent1234

macrumors 603
Jun 19, 2009
5,688
170
Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.

not going to help

the small team mentality is what causes this. MS had the same problem in the late 1990's and used to work like Apple. the talented engineers are like kids and like to do cool new things but don't like to audit code and get all the bugs out.

apple needs to hire junior devs to go over code and stop the idiotic secrecy so people can work together
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.