Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,502
39,338



215951-ios_4_lock.png


Over the weekend, a new Web-based jailbreak became available for iOS devices, offering users a simple method to open their devices to installation of unauthorized third-party applications.

At the time, we noted potential security implications of the method, which involves a security hole in how the mobile Safari browser included on all iOS devices handles embedded fonts. Exploiting the hole allows a remote site to gain control over a user's device. In the case of the new JailbreakMe site, the exploit is offering a convenient delivery method for a service, but others could use the same method for malicious purposes.

Reuters reports that it has received an official response from Apple on the issue, which notes only that it is investigating the security hole.
Company spokeswoman Natalie Harrison said the company was aware of the report.

"We're investigating," she said.
Click to expand...
There is no word yet on a timetable for a fix. While many users are no doubt appreciative of the simple jailbreak method, Apple will certainly want to close the security hole as quickly as possible to both prevent malicious exploitation of it and to thwart the simple jailbreak process, a system modification frowned upon by the company.

Article Link: Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak
 
Article Link
https://www.macrumors.com/2010/08/03/apple-investigating-ios-vulnerability-allowing-web-based-jailbreak/
that certainly males sense!

Lets hope our friends who do all the hard work figuring this stuff out find another exploit when the new updates come out!
 
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
 
Corruptitudes said:
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
Click to expand...
What do you think they've been doing? That's like saying after someone kicks in the door to rob an apartment, "well you shouldn't have had any doors, that just gives criminals a way in."
 
Can't have users enjoying choice....now can we? Once upon a time Steve Jobs said that Apple believed in choice when talking about Internet Explorer. How times have changed :mad:

scottness said:
This jailbreak was way too easy. Bothers me a little.
Click to expand...

Funny thing is, to fix the PDF exploit, you need to JB your phone and then get the update. Yes, right now, you need to JailBreak your phone to make it more secure.
 
Corruptitudes said:
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
Click to expand...

Actually, all the more reason to allow jail-broken phones, or at least attempts to make them so.

This mischief will, in turn, enhance and accelerate security measures, by revealing any holes or vulnerabilities before they can be exploited by foul play.
 
Corruptitudes said:
All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...
Click to expand...

You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.
 
I wonder why Apple isn't using the magic powder that prevents OS X from having viruses on iOS so that this jailbreak thing cannot happen
 
How is it that media is able to get Apple to comment on this, but no media is asking Apple what is going on with the proximity sensor problem?
Or has the media asked apple and they are not commenting?
 
"We're investigating" she said.

Is there a mandatory course for Apple upper management on how to write brief, succinct e-mails?
 
Investigating defined by Apple: figuring out how you little ****ers did that and forcing an update to ensure you people never have control of your phones.
 
astubbs said:
You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.
Click to expand...

You mean _most_ people. Most people can't be bothered with such stuff. My opinion is that it is best to pressure Apple to make the best, most functional device possible, not bypass Apple's design parameters and restrictions. Apple's blessing is important to me, I guess. Call me a fanboy. lol
 
Here come the neanderthals to exclaim, "this is why I don't jailbreak!"

In ...3 ...2 ...1
 
rockosmodurnlif said:
Obviously, like Apple, nobody cares about cracking OS X, only iPhones.

/hyperbole
Click to expand...

got a strange email today about getting a $1000 apple gift card. used to be that i'd click suspicious links on my iphone because i thought it was more secure. no way will i do it now.

wouldn't be surprised if this is going to turn into a wave of OS X viruses
 
Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.
 
Good move Apple. Yes they want to stop jailbreaking, but I trust the iPhone Dev Team to find another way in (they already admitted to having one). This is a good hole to fix so I can continue to errantly download PDFs from people I don't know.
 
BTW said:
Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.
Click to expand...

not going to help

the small team mentality is what causes this. MS had the same problem in the late 1990's and used to work like Apple. the talented engineers are like kids and like to do cool new things but don't like to audit code and get all the bugs out.

apple needs to hire junior devs to go over code and stop the idiotic secrecy so people can work together
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back