Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,095
13,713
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

There is renewed concern today over iOS security after a website-based jailbreaking tool was released for iOS 4 for iPhone and iPod touch and iOS 3.2 for iPad.

While the jailbreak appears to be a relatively benevolent attack against a security hole in iOS, concern remains that there is a yet-unpatched and largely unidentified security vulnerability in iOS that hackers could use in a similar way to remotely plant malware on an unsuspecting victim's device.

Multiple reports suggest that the jailbreak method attacks a flaw in the iOS PDF viewer in order to gain access to the device, however the principle developer of the project "comex" writes via his Twitter account that he is wondering "how long until someone figures out the actual bug I'm exploiting."

A similar jailbreak method was devised for iPhone OS 1.1.1, where developers even fixed the targeted bug after the jailbreak was complete.

Article Link: iOS4 Jailbreak Method Brings Security Concerns
 

Small White Car

macrumors G4
Aug 29, 2006
10,929
1,239
Washington DC
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
 
Comment

iDisk

macrumors 6502a
Jan 2, 2010
825
0
Menlo Park, CA
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm
 
Comment

nwcs

macrumors 68020
Sep 21, 2009
2,036
2,799
Tennessee
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
 
Comment

Consultant

macrumors G5
Jun 27, 2007
13,313
33
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.

The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
 
Comment

Small White Car

macrumors G4
Aug 29, 2006
10,929
1,239
Washington DC
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.

I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.

it's really simple, don't break Apple rules. :)

So owning an iPhone is "breaking Apple rules" now?

What?
 
Comment

likemyorbs

macrumors 68000
Jul 20, 2008
1,956
5
NJ
What do you expect to happen when you break Apple rules.

What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
 
Comment

iDisk

macrumors 6502a
Jan 2, 2010
825
0
Menlo Park, CA
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.

People who have jail broken devices do so by there own actions, this isn't Apples fault, the user shouldn't jailbreak there device, period. ;)
 
Comment

Consultant

macrumors G5
Jun 27, 2007
13,313
33
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.

People said the same thing when the first web-based iPhone jailbreak came out.

Apple will also patch this with the next software update.
 
Comment

iDisk

macrumors 6502a
Jan 2, 2010
825
0
Menlo Park, CA
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.



So owning an iPhone is "breaking Apple rules" now?

What?

What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.

:( whoops, please have mercy on me for not understanding the article :( , sorry I somehow missed this ..... :eek::eek:
 
Comment

iVoid

macrumors 65816
Jan 9, 2007
1,134
160
Well, if Apple wants these exploits to remain hidden, they should allow non Apple Store apps to be installed on the iPhone. :)

In the end, these exploits are found and reported every day (which is a good thing). I'm sure apple will figure out what the exploit is and patch it in 4.1.

Then jailbreakers will just find an new hole.

Apple's just asking for the jailbreakers to find holes as long as they try to keep their little walled kingdom free of freedom. :)
 
Comment

severe

macrumors 6502a
May 23, 2007
711
46
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm

This post is full of contradiction, my friend. But I'll bite.

So how is Jailbreaking "a childish and pointless act"?

Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)

With my phone?
 
Comment

kas23

macrumors 603
Oct 28, 2007
5,628
288
Just use the product as Apple intended it.

No one's impressed.

lol

Looks like you need to RTFA too. The current Safari App is how Apple intended it. Only problem is that it has security hole any non-JBing person can accidently fall into.
 
Comment

longofest

Editor emeritus
Jul 10, 2003
2,864
1,478
Falls Church, VA
Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)

I think you need to re-read the article to see what the point of the thread is.

The point is: there is an open vulnerability on every iOS device that a hacker could use to do whatever they want with your device. You don't have to jailbreak your device in order for this vulnerability to happen, it's just that the jailbreak method happens to use the pre-existing vulnerability to achieve its goals.
 
Comment

psac

macrumors 6502a
Jul 6, 2009
802
519
Regardless of the jailbreak, it's good this guy found the hole and has now made it public (in a non-malicious manner) so Apple can fix it. They should give this guy a reward. :D
 
Comment

rmatthewware

macrumors 6502
Jul 22, 2009
493
126
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.

Okay, it's legal to jailbrake, sure. But it seems the US is the only place where people expect to be able to break the rules and still be protected by the manufacturer. I want to jailbreak the phone and still have Apple take care of me. I'm talking about jailbreaking in general here, not this specific incident. It's not about being controlled, it's about demanding imaginary freedoms.

This is like buying a car, taking out the engine, tires, brakes, transmission; replacing those with after market parts; then getting mad at the car manufacturer when things go wrong.

You jailbrake your phone, you're taking your chances. And yeah, just as the car manufacturer shouldn't honor their warranty, Apple shouldn't honor theirs if you do this.
 
Comment

Aleco

macrumors regular
Aug 7, 2009
133
72
The download interface for iOS 4 on the PDF means it has to do something with iBooks, and PDF download exploit?


Edit:
I'm wrong, I looked at the PDF for the iPhone 4 (3,1) 4.0.1 file, looking at the PDF file with TextEdit shows that its a PDF exploit and not through iOS.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.