iOS4 Jailbreak Method Brings Security Concerns

MacRumors

macrumors bot
Original poster
Apr 12, 2001
47,030
9,045


There is renewed concern today over iOS security after a website-based jailbreaking tool was released for iOS 4 for iPhone and iPod touch and iOS 3.2 for iPad.

While the jailbreak appears to be a relatively benevolent attack against a security hole in iOS, concern remains that there is a yet-unpatched and largely unidentified security vulnerability in iOS that hackers could use in a similar way to remotely plant malware on an unsuspecting victim's device.

Multiple reports suggest that the jailbreak method attacks a flaw in the iOS PDF viewer in order to gain access to the device, however the principle developer of the project "comex" writes via his Twitter account that he is wondering "how long until someone figures out the actual bug I'm exploiting."

A similar jailbreak method was devised for iPhone OS 1.1.1, where developers even fixed the targeted bug after the jailbreak was complete.

Article Link: iOS4 Jailbreak Method Brings Security Concerns
 

Small White Car

macrumors G4
Aug 29, 2006
10,899
1,125
Washington DC
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
 

iDisk

macrumors 6502a
Jan 2, 2010
825
0
Menlo Park, CA
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm
 

nwcs

macrumors 68000
Sep 21, 2009
1,822
2,255
Tennessee
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
 

Consultant

macrumors G5
Jun 27, 2007
13,291
14
Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
 

Small White Car

macrumors G4
Aug 29, 2006
10,899
1,125
Washington DC
The difference is the under 10 people in the world who know how to do it, they are all known, and all working to help jailbreak the devices not for nefarious means.
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.

it's really simple, don't break Apple rules. :)
So owning an iPhone is "breaking Apple rules" now?

What?
 

likemyorbs

macrumors 68000
Jul 20, 2008
1,956
5
NJ
What do you expect to happen when you break Apple rules.
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
 

iDisk

macrumors 6502a
Jan 2, 2010
825
0
Menlo Park, CA
In this case it doesn't matter whether they are breaking Apple's rules or not. A web site could create a lot of problems by fooling people into downloading crafted PDFs. Apple should fix the holes ASAP.
People who have jail broken devices do so by there own actions, this isn't Apples fault, the user shouldn't jailbreak there device, period. ;)
 

Consultant

macrumors G5
Jun 27, 2007
13,291
14
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.
People said the same thing when the first web-based iPhone jailbreak came out.

Apple will also patch this with the next software update.
 

iDisk

macrumors 6502a
Jan 2, 2010
825
0
Menlo Park, CA
I'm just not so sure I understand what's stopping person #11 from learning how to do it and using it to bust into my phone.



So owning an iPhone is "breaking Apple rules" now?

What?
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
:( whoops, please have mercy on me for not understanding the article :( , sorry I somehow missed this ..... :eek::eek:
 

iVoid

macrumors 65816
Jan 9, 2007
1,121
145
Well, if Apple wants these exploits to remain hidden, they should allow non Apple Store apps to be installed on the iPhone. :)

In the end, these exploits are found and reported every day (which is a good thing). I'm sure apple will figure out what the exploit is and patch it in 4.1.

Then jailbreakers will just find an new hole.

Apple's just asking for the jailbreakers to find holes as long as they try to keep their little walled kingdom free of freedom. :)
 

severe

macrumors 6502a
May 23, 2007
702
33
What do you expect to happen when you break Apple rules. The only reason I would see to jailbreak in the USA (since I live here) is to do FACETIME chats over 3G and to tether. I could care less about both. Jailbreaking has no other real killer feature, Apple has eliminated the need for inane people to jailbreak, which is a childish and pointless act atm
This post is full of contradiction, my friend. But I'll bite.

So how is Jailbreaking "a childish and pointless act"?

Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)
With my phone?
 

kas23

macrumors 603
Oct 28, 2007
5,626
291
Just use the product as Apple intended it.

No one's impressed.

lol
Looks like you need to RTFA too. The current Safari App is how Apple intended it. Only problem is that it has security hole any non-JBing person can accidently fall into.
 

longofest

Editor emeritus
Jul 10, 2003
2,818
1,324
Falls Church, VA
Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules. :)
I think you need to re-read the article to see what the point of the thread is.

The point is: there is an open vulnerability on every iOS device that a hacker could use to do whatever they want with your device. You don't have to jailbreak your device in order for this vulnerability to happen, it's just that the jailbreak method happens to use the pre-existing vulnerability to achieve its goals.
 

psac

macrumors 6502a
Jul 6, 2009
754
470
Regardless of the jailbreak, it's good this guy found the hole and has now made it public (in a non-malicious manner) so Apple can fix it. They should give this guy a reward. :D
 

rmatthewware

macrumors 6502
Jul 22, 2009
493
113
What?? what are you even saying? did you read the article? it's saying the exploit used to create this jailbreak can be used to create malware on NON-JAILBROKEN phones. has nothing to do with apple's rules.
Okay, it's legal to jailbrake, sure. But it seems the US is the only place where people expect to be able to break the rules and still be protected by the manufacturer. I want to jailbreak the phone and still have Apple take care of me. I'm talking about jailbreaking in general here, not this specific incident. It's not about being controlled, it's about demanding imaginary freedoms.

This is like buying a car, taking out the engine, tires, brakes, transmission; replacing those with after market parts; then getting mad at the car manufacturer when things go wrong.

You jailbrake your phone, you're taking your chances. And yeah, just as the car manufacturer shouldn't honor their warranty, Apple shouldn't honor theirs if you do this.
 

Aleco

macrumors regular
Aug 7, 2009
121
6
The download interface for iOS 4 on the PDF means it has to do something with iBooks, and PDF download exploit?


Edit:
I'm wrong, I looked at the PDF for the iPhone 4 (3,1) 4.0.1 file, looking at the PDF file with TextEdit shows that its a PDF exploit and not through iOS.