Browser-Based Jailbreak For iPhone 4 Released 154
WrongSizeGlass writes "Apple Insider is reporting on a browser-based 'jailbreak' for iPhone 4. Hackers on Sunday released the first 'jailbreak' for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad. Some users have reported that the modification results in broken MMS and FaceTime functionality. This jailbreak does not work on iPads running iOS 3.2.1. "
Does the jailbreak patch the exploit? (Score:5, Interesting)
If a website can run unauthorized code by just visiting a page, does the jailbreak "innoculate" against the exploit it uses?
Or would apple's fix for the bug also break the jailbreak? (they'll do that, I guess).
Serious security hole (Score:5, Interesting)
Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad.
This sounds like a huge security hole. If simply visiting a web page can modify the OS of the phone, then this can surely be used for more malicious purposes. Maybe the user has to make some more clicks but then how hard is it to social engineer a user into doing that, and the attacker can do anything they like. Such as installing back doors, keyloggers, whatever. This I think is more than just a jailbreak: this is a root exploit in the browser. Scary, to say the least.
The jailbreak itself may not work on other versions of iOS, but as it involves Safari I wouldn't be surprised if the root exploit itself works there as well. Binary patching of the running O/S (which is what I guess they are doing) of course works only against a specific version, minor revisions may break it, so no surprise it doesn't work for the iPad.
This is one I have to say I hope Apple plugs quickly. It just sounds too scary to me.
Re:Apple Insider? Pah! (Score:5, Interesting)
Re:Apple Insider? Pah! (Score:3, Interesting)
hmm, i havent noticed serious input lag, just that safari doing loading wont respond at all to inputs, and apps like ipod-app hang for ~5 secs when you open them
i hope they fix it, if they dont however, i wont care all that much, in a few months my ancient symbian powered nokia will be replaced by a HTC android device, which will also make my ipod redundant
Re:Does the jailbreak patch the exploit? (Score:5, Interesting)
Sometimes I believe Apple puts these back doors in (Score:5, Interesting)
To have the "cutting edge" people test out new features.
Re:Apple Insider? Pah! (Score:2, Interesting)
Re:Apple Insider? Pah! (Score:1, Interesting)
HUH?
If they said the OS would not work on Iphone 3G and Ipod TOuch 2nd gen or older, then that would have been a motivation for people to upgrade hardware. As it is now, you have people with devices that used to perform great are now performing like shit. Do you really think those people will want to spend on upgrading hardware thanks to getting "burned" by a shoddy OS upgrade?