Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS4 Jailbreak Method Brings Security Concerns

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,182
38,966


There is renewed concern today over iOS security after a website-based jailbreaking tool was released for iOS 4 for iPhone and iPod touch and iOS 3.2 for iPad.

While the jailbreak appears to be a relatively benevolent attack against a security hole in iOS, concern remains that there is a yet-unpatched and largely unidentified security vulnerability in iOS that hackers could use in a similar way to remotely plant malware on an unsuspecting victim's device.

Multiple reports suggest that the jailbreak method attacks a flaw in the iOS PDF viewer in order to gain access to the device, however the principle developer of the project "comex" writes via his Twitter account that he is wondering "how long until someone figures out the actual bug I'm exploiting."

A similar jailbreak method was devised for iPhone OS 1.1.1, where developers even fixed the targeted bug after the jailbreak was complete.

Article Link: iOS4 Jailbreak Method Brings Security Concerns
 
Article Link
https://www.macrumors.com/2010/08/02/ios4-jailbreak-bring-security-concerns/
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
 
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm
 
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
 
Small White Car said:
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
Click to expand...

The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
 
Consultant said:
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
Click to expand...

I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.

iDisk said:
it's really simple, don't break Apple rules. :)
Click to expand...

So owning an iPhone is "breaking Apple rules" now?

What?
 
iDisk said:
What do you expect to happen when you break Apple rules.
Click to expand...

What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
 
nwcs said:
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
Click to expand...

People who have jail broken devices do so by there own actions, this isn't Apples fault, the user shouldn't jailbreak there device, period. ;)
 
Small White Car said:
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.
Click to expand...

People said the same thing when the first web-based iPhone jailbreak came out.

Apple will also patch this with the next software update.
 
Small White Car said:
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.



So owning an iPhone is "breaking Apple rules" now?

What?
Click to expand...

likemyorbs said:
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
Click to expand...

:( whoops, please have mercy on me for not understanding the article :( , sorry I somehow missed this ..... :eek::eek:
 
Well, if Apple wants these exploits to remain hidden, they should allow non Apple Store apps to be installed on the iPhone. :)

In the end, these exploits are found and reported every day (which is a good thing). I'm sure apple will figure out what the exploit is and patch it in 4.1.

Then jailbreakers will just find an new hole.

Apple's just asking for the jailbreakers to find holes as long as they try to keep their little walled kingdom free of freedom. :)
 
iDisk said:
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm
Click to expand...

This post is full of contradiction, my friend. But I'll bite.

So how is Jailbreaking "a childish and pointless act"?

iDisk said:
Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)
Click to expand...

With my phone?
 
jamesryanbell said:
Just use the product as Apple intended it.

No one's impressed.

lol
Click to expand...

Looks like you need to RTFA too. The current Safari App is how Apple intended it. Only problem is that it has security hole any non-JBing person can accidently fall into.
 
iDisk said:
Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)
Click to expand...

I think you need to re-read the article to see what the point of the thread is.

The point is: there is an open vulnerability on every iOS device that a hacker could use to do whatever they want with your device. You don't have to jailbreak your device in order for this vulnerability to happen, it's just that the jailbreak method happens to use the pre-existing vulnerability to achieve its goals.
 
Regardless of the jailbreak, it's good this guy found the hole and has now made it public (in a non-malicious manner) so Apple can fix it. They should give this guy a reward. :D
 
likemyorbs said:
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
Click to expand...

Okay, it's legal to jailbrake, sure. But it seems the US is the only place where people expect to be able to break the rules and still be protected by the manufacturer. I want to jailbreak the phone and still have Apple take care of me. I'm talking about jailbreaking in general here, not this specific incident. It's not about being controlled, it's about demanding imaginary freedoms.

This is like buying a car, taking out the engine, tires, brakes, transmission; replacing those with after market parts; then getting mad at the car manufacturer when things go wrong.

You jailbrake your phone, you're taking your chances. And yeah, just as the car manufacturer shouldn't honor their warranty, Apple shouldn't honor theirs if you do this.
 
The download interface for iOS 4 on the PDF means it has to do something with iBooks, and PDF download exploit?


Edit:
I'm wrong, I looked at the PDF for the iPhone 4 (3,1) 4.0.1 file, looking at the PDF file with TextEdit shows that its a PDF exploit and not through iOS.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back