Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak

[MacRumors]

Over the weekend, a new Web-based jailbreak became available for iOS devices, offering users a simple method to open their devices to installation of unauthorized third-party applications.

At the time, we noted potential security implications of the method, which involves a security hole in how the mobile Safari browser included on all iOS devices handles embedded fonts. Exploiting the hole allows a remote site to gain control over a user's device. In the case of the new JailbreakMe site, the exploit is offering a convenient delivery method for a service, but others could use the same method for malicious purposes.

Reuters reports that it has received an official response from Apple on the issue, which notes only that it is investigating the security hole.

Company spokeswoman Natalie Harrison said the company was aware of the report.

"We're investigating," she said.

There is no word yet on a timetable for a fix. While many users are no doubt appreciative of the simple jailbreak method, Apple will certainly want to close the security hole as quickly as possible to both prevent malicious exploitation of it and to thwart the simple jailbreak process, a system modification frowned upon by the company.

Article Link: Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak

 

[3goldens]

that certainly males sense!

Lets hope our friends who do all the hard work figuring this stuff out find another exploit when the new updates come out!

 

[ihaveNFC]

they just figured this out?

 

[scottness]

This jailbreak was way too easy. Bothers me a little.

 

[iBookG4user]

Well that didn't take long.

 

[Corruptitudes]

All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

 

[rockosmodurnlif]

All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

What do you think they've been doing? That's like saying after someone kicks in the door to rob an apartment, "well you shouldn't have had any doors, that just gives criminals a way in."

 

[jaykid007]

Are you all jailbroken?

 

[Full of Win]

Can't have users enjoying choice....now can we? Once upon a time Steve Jobs said that Apple believed in choice when talking about Internet Explorer. How times have changed

This jailbreak was way too easy. Bothers me a little.

Funny thing is, to fix the PDF exploit, you need to JB your phone and then get the update. Yes, right now, you need to JailBreak your phone to make it more secure.

 

[DMann]

All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

Actually, all the more reason to allow jail-broken phones, or at least attempts to make them so.

This mischief will, in turn, enhance and accelerate security measures, by revealing any holes or vulnerabilities before they can be exploited by foul play.

 

[astubbs]

All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.

 

[JavierP]

I wonder why Apple isn't using the magic powder that prevents OS X from having viruses on iOS so that this jailbreak thing cannot happen

 

[zub3qin]

How is it that media is able to get Apple to comment on this, but no media is asking Apple what is going on with the proximity sensor problem?
Or has the media asked apple and they are not commenting?

 

[rockosmodurnlif]

I wonder why Apple isn't using the magic powder that prevents OS X from having viruses on iOS so that this jailbreak thing cannot happen

Obviously, like Apple, nobody cares about cracking OS X, only iPhones.

/hyperbole

 

[alent1234]

All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

yep

this kind of reminds me of MS Windows circa 2002 or so

 

[mattwolfmatt]

"We're investigating" she said.

Is there a mandatory course for Apple upper management on how to write brief, succinct e-mails?

 

[iBookG4user]

"We're investigating" she said.

Is there a mandatory course for Apple upper management on how to write brief, succinct e-mails?

Yes, it is.

 

[GoCubsGo]

Investigating defined by Apple: figuring out how you little ****ers did that and forcing an update to ensure you people never have control of your phones.

 

[coolfactor]

You don't get it. Apple *is* trying to lock it down. No amount of law is going to stop people finding these vulnerabilities.

What it *might* do is dissuade _some_ people to stop using them.

You mean _most_ people. Most people can't be bothered with such stuff. My opinion is that it is best to pressure Apple to make the best, most functional device possible, not bypass Apple's design parameters and restrictions. Apple's blessing is important to me, I guess. Call me a fanboy. lol

 

[severe]

Here come the neanderthals to exclaim, "this is why I don't jailbreak!"

In ...3 ...2 ...1

 

[alent1234]

Obviously, like Apple, nobody cares about cracking OS X, only iPhones.

/hyperbole

got a strange email today about getting a $1000 apple gift card. used to be that i'd click suspicious links on my iphone because i thought it was more secure. no way will i do it now.

wouldn't be surprised if this is going to turn into a wave of OS X viruses

 

[BTW]

Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.

 

[Tyre]

Good move Apple. Yes they want to stop jailbreaking, but I trust the iPhone Dev Team to find another way in (they already admitted to having one). This is a good hole to fix so I can continue to errantly download PDFs from people I don't know.

 

[alent1234]

Apple needs to hire some of these jailbreaking masterminds to preemptively secure their iOS and OSX rather then reactionary patching. The quick patches may not be optimal and might introduce new bugs or holes.

not going to help

the small team mentality is what causes this. MS had the same problem in the late 1990's and used to work like Apple. the talented engineers are like kids and like to do cool new things but don't like to audit code and get all the bugs out.

apple needs to hire junior devs to go over code and stop the idiotic secrecy so people can work together

 

[rwilliams]

All the more reason to stop allowing jailbroken phones. Lock them down. It only invites people to look for holes in the OS to try their mischief...

What you propose is impossible. There is no such thing as impenetrable software.