Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak

MacRumors

macrumors bot
Original poster
Apr 12, 2001
46,753
8,952





Over the weekend, a new Web-based jailbreak became available for iOS devices, offering users a simple method to open their devices to installation of unauthorized third-party applications.

At the time, we noted potential security implications of the method, which involves a security hole in how the mobile Safari browser included on all iOS devices handles embedded fonts. Exploiting the hole allows a remote site to gain control over a user's device. In the case of the new JailbreakMe site, the exploit is offering a convenient delivery method for a service, but others could use the same method for malicious purposes.

Reuters reports that it has received an official response from Apple on the issue, which notes only that it is investigating the security hole.
Company spokeswoman Natalie Harrison said the company was aware of the report.

"We're investigating," she said.
There is no word yet on a timetable for a fix. While many users are no doubt appreciative of the simple jailbreak method, Apple will certainly want to close the security hole as quickly as possible to both prevent malicious exploitation of it and to thwart the simple jailbreak process, a system modification frowned upon by the company.

Article Link: Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak
 

3goldens

macrumors 68000
Feb 26, 2008
1,776
92
that certainly males sense!

Lets hope our friends who do all the hard work figuring this stuff out find another exploit when the new updates come out!
 

Corruptitudes

macrumors regular
Nov 24, 2009
100
0
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
 

rockosmodurnlif

macrumors 65816
Apr 21, 2007
1,058
68
New York, NY
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
What do you think they've been doing? That's like saying after someone kicks in the door to rob an apartment, "well you shouldn't have had any doors, that just gives criminals a way in."
 

Full of Win

macrumors 68030
Nov 22, 2007
2,615
1
Ask Apple
Can't have users enjoying choice....now can we? Once upon a time Steve Jobs said that Apple believed in choice when talking about Internet Explorer. How times have changed :mad:

This jailbreak was way too easy. Bothers me a little.
Funny thing is, to fix the PDF exploit, you need to JB your phone and then get the update. Yes, right now, you need to JailBreak your phone to make it more secure.
 

DMann

macrumors 601
Jan 13, 2002
4,001
0
10023
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
Actually, all the more reason to allow jail-broken phones, or at least attempts to make them so.

This mischief will, in turn, enhance and accelerate security measures, by revealing any holes or vulnerabilities before they can be exploited by foul play.
 

astubbs

macrumors newbie
Oct 16, 2008
12
0
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.
 

JavierP

macrumors regular
Mar 17, 2008
134
0
I wonder why Apple isn't using the magic powder that prevents OS X from having viruses on iOS so that this jailbreak thing cannot happen
 

zub3qin

macrumors 65816
Apr 10, 2007
1,311
0
How is it that media is able to get Apple to comment on this, but no media is asking Apple what is going on with the proximity sensor problem?
Or has the media asked apple and they are not commenting?
 

mattwolfmatt

macrumors 65816
Jun 7, 2008
1,025
28
"We're investigating" she said.

Is there a mandatory course for Apple upper management on how to write brief, succinct e-mails?
 

GoCubsGo

macrumors Nehalem
Feb 19, 2005
35,753
142
Investigating defined by Apple: figuring out how you little ****ers did that and forcing an update to ensure you people never have control of your phones.
 

coolfactor

macrumors 601
Jul 29, 2002
4,464
4,296
Vancouver, BC
You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.
You mean _most_ people. Most people can't be bothered with such stuff. My opinion is that it is best to pressure Apple to make the best, most functional device possible, not bypass Apple's design parameters and restrictions. Apple's blessing is important to me, I guess. Call me a fanboy. lol
 

severe

macrumors 6502a
May 23, 2007
702
33
Here come the neanderthals to exclaim, "this is why I don't jailbreak!"

In ...3 ...2 ...1
 

alent1234

macrumors 603
Jun 19, 2009
5,659
122
Obviously, like Apple, nobody cares about cracking OS X, only iPhones.

/hyperbole
got a strange email today about getting a $1000 apple gift card. used to be that i'd click suspicious links on my iphone because i thought it was more secure. no way will i do it now.

wouldn't be surprised if this is going to turn into a wave of OS X viruses
 

BTW

macrumors 6502
Mar 4, 2007
438
0
Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.
 

Tyre

macrumors regular
May 23, 2010
143
0
Baltimore, MD
Good move Apple. Yes they want to stop jailbreaking, but I trust the iPhone Dev Team to find another way in (they already admitted to having one). This is a good hole to fix so I can continue to errantly download PDFs from people I don't know.
 

alent1234

macrumors 603
Jun 19, 2009
5,659
122
Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.
not going to help

the small team mentality is what causes this. MS had the same problem in the late 1990's and used to work like Apple. the talented engineers are like kids and like to do cool new things but don't like to audit code and get all the bugs out.

apple needs to hire junior devs to go over code and stop the idiotic secrecy so people can work together