
swiftbmx

macrumors 6502
Original poster
Aug 23, 2009
Looking through tweets just now, looks like they found an exploit and with the key they provided (which I know nothing about), doesn't that tell Apple where they found the hole? Couldn't Apple just release 4.1.1 and patch it up and none of us will be able to go to 4.1 since we are waiting at 4.0.1? Please educate me.
 
Looking through tweets just now, looks like they found an exploit and with the key they provided (which I know nothing about), doesn't that tell Apple where they found the hole? Couldn't Apple just release 4.1.1 and patch it up and none of us will be able to go to 4.1 since we are waiting at 4.0.1? Please educate me.

Apple aren't that fast to react, and you can always download older firmwares (I'm on 4.0 right now, and 4.1 is out, but I can easily get 4.0.1 which is in the middle of these two firmwares).

It really doesn't matter if Apple know, and they'd find out themselves quickly enough anyway.

It's all about the cat and mouse ;)
 
Looking through tweets just now, looks like they found an exploit and with the key they provided (which I know nothing about), doesn't that tell Apple where they found the hole? Couldn't Apple just release 4.1.1 and patch it up and none of us will be able to go to 4.1 since we are waiting at 4.0.1? Please educate me.

Yes, Apple could do that.
 
The DevTeam has been posting those keys back and forth to each other for a long while as soon as new exploits are discovered after new firmware releases.
Nothing new and Apple just can't stop them.
 
Looking through tweets just now, looks like they found an exploit and with the key they provided (which I know nothing about), doesn't that tell Apple where they found the hole? Couldn't Apple just release 4.1.1 and patch it up and none of us will be able to go to 4.1 since we are waiting at 4.0.1? Please educate me.

They said they got "multiple" exploits since the first 4.1 beta was available to developers. They didn't jump anything; having an exploit doesn't immediately translate to a jailbreak. There is a lot of work in between.

And no, that doesn't give Apple any advantage or information. They said they "have" exploits; they didn't say where the bugs were, what was affected, or how to exploit it.
 
They said they got "multiple" exploits since the first 4.1 beta was available to developers. They didn't jump anything; having an exploit doesn't immediately translate to a jailbreak. There is a lot of work in between.

And no, that doesn't give Apple any advantage or information. They said they "have" exploits; they didn't say where the bugs were, what was affected, or how to exploit it.

Right, that's how I understood it.
 
The DevTeam has been posting those keys back and forth to each other for a long while as soon as new exploits are discovered after new firmware releases.
Nothing new and Apple just can't stop them.

You ignored one of the OP's statements. If (a big if) Apple could determine the hole (exploit) being used then they could patch the hole. So, the answer is yes, Apple could stop them from using that particular exploit. It's what the whole 'cat and mouse game' is all about. But the dev team is way too smart to reveal this information in a public forum. It's also why they don't waste an exploit on a .0x release.
 
You ignored one of the OP's statements. If (a big if) Apple could determine the hole (exploit) being used then they could patch the hole. So, the answer is yes, Apple could stop them from using that particular exploit. It's what the whole 'cat and mouse game' is all about. But the dev team is way too smart to reveal this information in a public forum. It's also why they don't waste an exploit on a .0x release.

My question is: Why burn a known exploit on a no-big-deal release like 4.1 when the awesome 4.2 is coming in just a couple of months?
 
You ignored one of the OP's statements. If (a big if) Apple could determine the hole (exploit) being used then they could patch the hole. So, the answer is yes, Apple could stop them from using that particular exploit. It's what the whole 'cat and mouse game' is all about. But the dev team is way too smart to reveal this information in a public forum. It's also why they don't waste an exploit on a .0x release.

And thus my response "Apple just can't stop them"

I worded it that way for a reason!
I didn't ignore anything the OP said and I am well aware the public post doesn't give Apple what it needs to patch the firmware.

All good.
 
My question is: Why burn a known exploit on a no-big-deal release like 4.1 when the awesome 4.2 is coming in just a couple of months?

Sorry to break it to you, however the proximity sensor fix, 3G performance fix, Bluetooth fix, Game Center and HDR photos are a big deal for a large part of the iPhone user base. It is actually a big deal release (contrary to 4.0.2, which only fixed one small hole in Safari and was made available as fast as possible in order to keep new device buyers from jailbreaking/unlocking).
 
My question is: Why burn a known exploit on a no-big-deal release like 4.1 when the awesome 4.2 is coming in just a couple of months?

When you write your own jb, you can decide when to burn an exploit. As was just posted, there are a lot of iPhone4 people anxiously awaiting 4.1. I'm not one of them since my phone doesn't have any of the problems it fixes but many people do.
 
You might be well aware of this but the OP was not and I am sure there are others as well.

All good.

I agree, OP was not aware and others probably not either.
But I just reacted to your post saying I ignored the OP.

Looking forward to a pwned jailbreak on iPhone 4 iDevices :)
 
Sorry to break it to you, however the proximity sensor fix, 3G performance fix, Bluetooth fix, Game Center and HDR photos are a big deal for a large part of the iPhone user base. It is actually a big deal release (contrary to 4.0.2, which only fixed one small hole in Safari and was made available as fast as possible in order to keep new device buyers from jailbreaking/unlocking).

Contrary to popular belief, software 4.0.2 was a big deal. Imagine the millions of people who don't jailbreak or haven't updated to 4.0.2. This leaves them with an open exploit that may end up corrupting their phone, stealing their information, or having hackers leave things behind to track them. Imagine the number of lawsuits that could arise from that mess. Remember that there was no fix for this user base until 4.0.2 came along. That is why Apple fixed it, not because of the JB/Unlock community. Only a small majority of the tens of millions actually bother with jailbreaking.
 
When you write your own jb, you can decide when to burn an exploit. As was just posted, there are a lot of iPhone4 people anxiously awaiting 4.1. I'm not one of them since my phone doesn't have any of the problems it fixes but many people do.

I understand and you are correct. However, aren't we in kind of a unique situation where Apple has already stated 4.2 will be out in two months? By the time the Dev Team packages up the JB, it'll be one month away.

But, I'll quit worrying about it and figure the 'team knows what they're doing. I also have none of the listed problems, but that HDR stuff looks good.
 
They already have an iPhone 4 running iOS 4.1 with old bootrom. The tools to this update are already out and now we just have to wait for a jailbreak.
 

Sorry to break it to you, however the proximity sensor fix, 3G performance fix, Bluetooth fix, Game Center and HDR photos are a big deal for a large part of the iPhone user base. It is actually a big deal release (contrary to 4.0.2, which only fixed one small hole in Safari and was made available as fast as possible in order to keep new device buyers from jailbreaking/unlocking).

Well said.
It is a substantial update.
 
Contrary to popular belief, software 4.0.2 was a big deal. Imagine the millions of people who don't jailbreak or haven't updated to 4.0.2. This leaves them with an open exploit that may end up corrupting their phone, stealing their information, or having hackers leave things behind to track them. Imagine the number of lawsuits that could arise from that mess. Remember that there was no fix for this user base until 4.0.2 came along. That is why Apple fixed it, not because of the JB/Unlock community. Only a small majority of the tens of millions actually bother with jailbreaking.

Maybe I misused the words "big deal", just to make a point to the previous poster. I agree that the Safari fix was important, but comparing an update that fixes 1 bug with an update that fixes multiple bugs, addresses performance issues and adds new functionality is a totally different monster.
 
Maybe I misused the words "big deal", just to make a point to the previous poster. I agree that the Safari fix was important, but comparing an update that fixes 1 bug with an update that fixes multiple bugs, addresses performance issues and adds new functionality is a totally different monster.

I think, in fact, that you misunderstand what that '1 bug' was. It was not a bug, but rather a HUGE, well-known security hole which, if exploited, could have led to the compromise of all stock iOS devices.
 
Wonder how long it'll take them to release an updated PwnageTool for the people with old bootrom on 3GS..
 
I think, in fact, that you misunderstand what that '1 bug' was. It was not a bug, but rather a HUGE, well-known security hole which, if exploited, could have led to the compromise of all stock iOS devices.

Every exploit used before to jb a device could be considered a HUGE hole, 'cause obviously it could leave the device open to intruders.
 
I think, in fact, that you misunderstand what that '1 bug' was. It was not a bug, but rather a HUGE, well-known security hole which, if exploited, could have led to the compromise of all stock iOS devices.

I am not sure how familiar you are with software development, but any bug in software has the same potential (but rather a HUGE, well-known security hole which, if exploited, could have led to the compromise of all stock iOS devices). The only reason you knew about this one was because it was made public; all the bug fixes in every firmware release that no one knows about have the same potential (including all the ones fixed in 4.1). So if you compare apples to apples (pun intended), 4.1 is still a major release over 4.0.1, since it fixes similar or maybe even more critical bugs (the only difference is that the general public doesn't know about them yet).
 
I'm going to have to agree that the exploit used in pre-4.0.2 was more dangerous than normal. All the other exploits required you to have physical access to the phone to upload the payload. If someone has physical access to your phone then consider it compromised. Comex's exploit could be run remotely on malicious websites with no user intervention and run silently so you'd have no idea anything had occurred. In that sense it was much more dangerous.
 