I'm going to have to agree that the exploit used in pre-4.0.2 was more dangerous than normal. All the other exploits required you to have physical access to the phone to upload the payload. If someone has physical access to your phone, then consider it compromised. Comex's exploit could be run remotely on malicious websites with no user intervention and run silently, so you'd have no idea anything had occurred. In that sense it was much more dangerous.

Actually, Jailbreakme.com was originally introduced back in the day to jailbreak 1.1.1 (I think, either that or 1.1.3, but it was on 1.x.x); that exploit was also a userland exploit. It happened before, it will happen again. As I said before, we don't get details of what bug fixes are in each release (they just say "several bug fixes"); for all we know, one or multiple bugs like that are present and fixed in each release.

The only difference, as I said before, is when the public knows about it. Of course it's going to look more critical if you know about it, but those bugs are just the nature of software.
 
Yes, I remember those days when it used to take 45 minutes to jailbreak and unlock a phone, with about 50 steps in between ;) My point is those exploits are much worse than the typical exploit. For all we know, another 50 could exist just waiting to be discovered.
 
Every hole is, yes; however, a PDF exploit, in which one has access to an infected PDF document, is rather big.

Lots of people use PDFs, and they can be redirected and automatically opened on the phone. So this one was especially bad, sort of like the SMS bug, but then again, you're too cool to be incorrect.
 
They can't patch the bootrom ;)

Yes, they can "patch"/flash the bootrom. Remember they did it last year with the 3GS: if your 3GS was made before September it had the old bootrom, but if it was made after, it had the new bootrom.
 
OK, they can't patch the bootrom on existing models.
 
Contrary to popular belief, software 4.0.2 was a big deal. Imagine the millions of people who don't jailbreak or haven't updated to 4.0.2. This leaves them with an open exploit that may end up corrupting their phone, stealing their information, or having hackers leave things behind to track them. Imagine the number of lawsuits that could arise from that mess. Remember that there was no fix for this user base until 4.0.2 came along. That is why Apple fixed it, not because of the JB/Unlock community. Only a small majority of the tens of millions actually bother with jailbreaking.

Just imagine this open exploit as something Apple overlooked that was found by the jailbreakers to get into 4.0 and 4.0.1 :) Apple patched up the hole in 4.0.2, correct; with a jailbroken device, PDF Patch also patches the hole, and guess what, you get to keep your jailbreak :) Win-win.
 
Looking through tweets just now, it looks like they found an exploit, and with the key they provided (which I know nothing about), doesn't that tell Apple where they found the hole? Couldn't Apple just release 4.1.1 and patch it up, and none of us will be able to go to 4.1 since we are waiting at 4.0.1? Please educate me.

Those keys don't tell anything about the vulnerability other than that it's a bootrom level vuln (you can't extract those keys unless you can compromise the bootrom).
 
You ignored one of the OPs statements. If (a big if) Apple could determine the hole (exploit) being used then they could patch the hole. So, the answer is yes, Apple could stop them from using that particular exploit. It's what the whole 'cat and mouse game' is all about. But the dev team is way too smart to reveal this information in a public forum. It's also why they don't waste an exploit on a .0x release.

But it's a bootrom exploit, and the only plug would be a hardware revision, which Apple has already (reportedly) gone through with the iPhone 4, and it takes a while to roll out an entirely new model. So the danger, if it exists, is minimal.
 
Who said it's a bootrom exploit?
 
pod2g posted the bootrom keys today, implying access using an exploit that's taken 'months' of work

New update.
Exploit is confirmed working for the iPod Touch 4G as well. A source has told BGR that in order to patch this particular bootrom hack Apple would need "a whole new processor rev." A re-flashed or patched bootrom for the current hardware would not be sufficient.
 
source?
 
If you're worried about Apple releasing 4.1.1, download TinyUmbrella, plug in your phone, open advanced options and find iOS 4.1 for your phone. Select Cydia as the signature source and request. After a few seconds, both you and Cydia have your 4.1 SHSH and your phone is still safely on 4.0.1. Make sure you request your 4.0.2 as well - there's no harm in making sure.
 
Yes, they can "patch"/flash the bootrom. Remember they did it last year with the 3GS: if your 3GS was made before September it had the old bootrom, but if it was made after, it had the new bootrom.

That's like saying when I removed the hard drive from my MacBook and put a different one in, I flashed my MacBook to have a higher capacity. The bootrom is read-only, to you and to Apple.
 
Decrypting the 4.1 iP4 ipsw?

This is what I found on pod2g's Twitter:

Works on 4.1 (!) iBSS iv=c2c5416472e5a0d6f0a25a123d5a2b1c key=1fbc7dcafaec21a150a51eb0eb99367550e24a077b128831b28c065e61f894a0

Now I tried to use this key to decrypt the .dmg found inside the 4.1 iP4 IPSW, but it did not work.

I followed these instructions ...

http://gumballtech.com/2010/04/12/decrypt-browse-the-iphone-os-4-0-file-system-win-mac-lin/

Question is, is this key really a vfdecrypt key or something else?
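An added example (editor's own, not code from any poster or from pod2g) to make concrete what the IV/key pair quoted above is for. The pairs pod2g publishes are per-firmware-image AES keys: each bootloader-style file in the IPSW, such as iBSS, is an IMG3 container whose DATA tag holds the image encrypted with AES-CBC under that IV and key (a 64-hex-character key is AES-256). The root filesystem .dmg is a different file with its own key, which is what vfdecrypt consumes, so an iBSS key does nothing useful against it. The Go program below parses a minimal IMG3 container, bounds-checks every tag length, and decrypts the DATA tag with the posted iBSS IV/key, passing the trailing partial block through in the clear as the common tools do. The container it parses is constructed in the code from a made-up payload, since the real image is not on this page, and it carries only a DATA tag where a real image also has TYPE, VERS, SEPO, BORD, KBAG, SHSH and CERT; the header and tag layout follow the publicly documented IMG3 format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// IV and key for the 4.1 iPhone 4 iBSS, as posted in the thread above.
const IbssIVHex = "c2c5416472e5a0d6f0a25a123d5a2b1c"
const IbssKeyHex = "1fbc7dcafaec21a150a51eb0eb99367550e24a077b128831b28c065e61f894a0"

var le = binary.LittleEndian

// Tag turns an ASCII name such as "Img3" into the little-endian word IMG3 stores
// for magics and idents (on disk the bytes read "3gmI").
func Tag(s string) uint32 { return binary.BigEndian.Uint32([]byte(s)) }

// ParseImg3 checks the 20-byte header (magic, fullSize, sizeNoPack, sigCheckArea, ident)
// and returns the ident plus each tag's payload keyed by magic. A tag is magic(4)
// totalLength(4) dataLength(4) data[] pad[]; every length is checked against fullSize
// so a hostile tag cannot make the parser read out of bounds.
func ParseImg3(b []byte) (uint32, map[uint32][]byte, error) {
	if len(b) < 20 || le.Uint32(b) != Tag("Img3") || le.Uint32(b[4:]) < 20 || uint64(le.Uint32(b[4:])) > uint64(len(b)) {
		return 0, nil, errors.New("not an IMG3 container, or fullSize out of range")
	}
	full, tags := le.Uint32(b[4:]), map[uint32][]byte{}
	for off := uint32(20); off <= full-12; {
		magic, total, dlen := le.Uint32(b[off:]), le.Uint32(b[off+4:]), le.Uint32(b[off+8:])
		if total < 12 || dlen > total-12 || total > full-off {
			return 0, nil, fmt.Errorf("malformed tag %#x at offset %d", magic, off)
		}
		tags[magic] = b[off+12 : off+12+dlen]
		off += total
	}
	return le.Uint32(b[16:]), tags, nil
}

// cbc runs AES-CBC over the whole-block prefix of in and passes any partial tail
// through in the clear, which is how the encrypted region of a DATA tag is laid out.
func cbc(in []byte, ivHex, keyHex string, encrypt bool) ([]byte, error) {
	iv, err1 := hex.DecodeString(ivHex)
	key, err2 := hex.DecodeString(keyHex)
	if err1 != nil || err2 != nil || len(iv) != aes.BlockSize {
		return nil, errors.New("IV must be 16 bytes of hex and the key valid hex")
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	mode := cipher.NewCBCDecrypter(block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	out, n := make([]byte, len(in)), len(in)&^(aes.BlockSize-1)
	mode.CryptBlocks(out[:n], in[:n])
	copy(out[n:], in[n:])
	return out, nil
}

// DecryptData decrypts the DATA payload returned by ParseImg3 with a posted IV/key pair.
func DecryptData(tags map[uint32][]byte, ivHex, keyHex string) ([]byte, error) {
	if data, ok := tags[Tag("DATA")]; ok {
		return cbc(data, ivHex, keyHex, false)
	}
	return nil, errors.New("no DATA tag")
}

// buildImg3 packs one 4-byte-aligned DATA tag into a minimal, unsigned container.
func buildImg3(ident string, data []byte) []byte {
	b := make([]byte, 32+len(data)+(4-len(data)%4)%4)
	body := uint32(len(b) - 20) // sizeNoPack and sigCheckArea both cover the tag area here
	for i, w := range []uint32{Tag("Img3"), uint32(len(b)), body, body, Tag(ident),
		Tag("DATA"), body, uint32(len(data))} {
		le.PutUint32(b[4*i:], w)
	}
	copy(b[32:], data)
	return b
}

// SamplePlaintext is a constructed stand-in for iBSS code, not Apple firmware: 45 bytes,
// so two full AES blocks are encrypted and a 13-byte tail stays in the clear.
var SamplePlaintext = []byte("CONSTRUCTED iBSS payload, not Apple firmware!")

// SampleImage encrypts SamplePlaintext under the posted IV/key inside an "ibss" container.
func SampleImage() []byte {
	enc, _ := cbc(SamplePlaintext, IbssIVHex, IbssKeyHex, true) // constants above are known-good hex
	return buildImg3("ibss", enc)
}

func main() {
	ident, tags, err := ParseImg3(SampleImage())
	if err != nil {
		panic(err)
	}
	plain, _ := DecryptData(tags, IbssIVHex, IbssKeyHex)
	fmt.Printf("ident=%#x (ibss) decrypted DATA: %q\n", ident, plain)
}
```

Feeding the root filesystem .dmg to ParseImg3 fails at the magic check before any decryption is attempted, which is the quickest way to tell the two kinds of key apart: an IV/key pair like the one above unlocks the DATA tag of one IMG3 file, while the filesystem image is decrypted by vfdecrypt with its own separate key.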
 