Apple Outs Anti-Jailbreak Update

Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."

Re:Why does the submitter see this as a bad thing?

[oodaloop]

Bricked? I thought you could just re-synch your phone and restore it.

The best part

[Halo1]

Apple has not released the fix for the iPod Touch 1G and the iPhone 2G, so the iPhone Dev Team themselves are working on a fix [iphone-dev.org] that will work on all devices. So you'll be able to basically jailbreak and then plug the hole that was used to do it.

Re:Already an issue..

[am 2k]

The problematic part is that iPhone 2G users won't get an update but are still susceptible to this bug, so they're SOL. Additionally, iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.

Re:It doesn't help the passwords are well known

[marcansoft]

You can't su to root. There is no su on a stock iPhone. The privilege escalation from the PDF exploit was accomplished using a kernel vulnerability, not su.

The passwords mean nothing until you jailbreak and actually put a reasonable UNIX userland on the phone.

Re:Why does the submitter see this as a bad thing?

[cduffy]

I thought android phones needed to be "rooted".

Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.

Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).

Re:Why does the submitter see this as a bad thing?

[Anonymous Coward]

androids don't "need" to be rooted unless your particular phone company disables functionality that you want to use. The most relevant example of this is tethering, most phone companies will only enable it after you agree to pay $xx/month more for the privilege to use functionality your phone has native support for.

That said, I've never owned an iPhone so I don't know what you gain by jailbreaking it.

Re:Already an issue..

[z1ppy]

iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.

iOS4 doesn't suck on the 3G if you do a clean wipe of the OS before moving to 4. This has been a known issue for some time now. Wipe your 3G, then move to iOS4. I know plenty of folks running iOS4 on their 3G who absolutely love it. They have no issues with performance or it suck-ing. If you upgraded and already experience performance issues, backup your phone, restore to factory settings, upgrade to iOS4, then restore from backup. Problem solved.

Re:Already an issue..

[BarryJacobsen]

iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.

iOS4 doesn't suck on the 3G if you do a clean wipe of the OS before moving to 4. This has been a known issue for some time now. Wipe your 3G, then move to iOS4. I know plenty of folks running iOS4 on their 3G who absolutely love it. They have no issues with performance or it suck-ing. If you upgraded and already experience performance issues, backup your phone, restore to factory settings, upgrade to iOS4, then restore from backup. Problem solved.

From personal experience, this doesn't do anything to fix the problem - it will come back after restoring from the backup.

Re:It doesn't help the passwords are well known

[marcansoft]

Are you sure that there isn't an su

Yes.

# dpkg-query -S /bin/su
coreutils-bin: /bin/su

coreutils-bin is a jailbreak package.

I don't think the jailbreak updates the OS to include su

It does. The deb dependency chain is cydia -> essential -> dpkg -> coreutils-bin. Stock iPhones have very little of the standard UNIX/BSD filesystem and utilities left.

if you have an exploit like the PDF exploit and are able to run arbitrary code, then you can su and the root password is known

No you can't, because nothing on the phone cares about that password. UNIX kernels don't read /etc/passwd. You need a sudo-root utility like su to handle authentication. There is no such mechanism on a stock iPhone, so passwords in /etc/passwd mean nothing. The iPhone makes no attempt to conform to standard POSIX semantics, especially in userland. In fact, they have their own application sandboxing system on top of normal UNIX permissions.

If order to jailbreak an iPhone, you need a kernel (or bootloader) exploit besides a userland exploit. Knowing the root password is useles, because nothing on the phone is actually capable of accepting that password and giving you root. And even if you have root, you aren't all-powerful like root is on a normal UNIX OS. The kernel is still off-limits, and you still need a kernel hole to break in.

Does anyone know if the jailbreak requires the root password to be alpine to work?

It doesn't.

Re:Already an issue..

[Torne]

iPhone 2G and 3G users can both install the 3.2.2 update that fixes the same vulnerability, so your comment is wrong on all counts.

No, they can't. The 3.2 series is only for the iPad, and doesn't exist for any iPhone/iPod. The 3.2.2 update does fix the vulnerability, but only iPad users can install it.

Re:Why does the submitter see this as a bad thing?

[farble1670]

Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.

citation please.

i ask because i really doubt it was a similar hack. most of these so-called android trojans and viruses rely on 1) getting a user to install a non-market app for which they need to have explicitly allowed in their settings and 2) granting the app permissions to do malicious things.

Re:Outing the update

[AmigaMMC]

Please join the quest to mandate the factory unlocking of the iPhone

http://www.facebook.com/group.php?gid=133380463371767&ref=ts [facebook.com]

This is a petition to the U.S. Government's FCC (Federal Communication Commission) to mandate an unlock of all iPhones. We paid for the phone, we should be able to use it how we see fit.
Please post a message on the wall saying "Please unlock"
Only people with a US iPhone and contract please.
Spammers will be reported and banned.

disable smartsearch

[ProfBooty]

if you disable most of the smart search functionality, it speeds up considerably, but is still not as fast as the 3.0 OS.

Re:Outing the update

[Teun]

You live in a strange world.

The majority of men I know considers physical contact (as in sex) with other men as creepy and a total abomination but at the same time many of them have close friendships with men without any sexual attraction what so ever.

For them is 'getting off' with other men simply impossible, their little man goes very limp at the thought alone.

Re:Outing the update

[Aphoxema]

-1, flamebait? WTF?!

1. Apple Computer was just outside of San Francisco [wikipedia.org]
2. They've been trying to whitewash [wikipedia.org] it since 1988, but before that, Apple was proudly flying the freak flag since 1977 [wikipedia.org]
3. have you seen Jobs [wikipedia.org] ? (BTW, I find that file name amusing...)
4. they have a long history [wikipedia.org] of catering to "graphic designers"
5. they're very concerned [wikipedia.org] with maintaining a hip, stylish persona

Your citations are highly convincing.

Re:Outing the update

[Laurence0]

I disagree with you both, although this could be because I have a UK perspective on the issue. Over here, you can either buy "locked" phones, which typically come with a pay-as-you-go sim. Regarding these, I basically agree with you, the network has subsidised them heavily, so they're not really "your" phone.

On the other hand, you can get phones on contract. This involves signing up for a specified number of months, and possibly paying something up front. In this case, you're buying the phone, however you're essentially buying it on credit and paying it off over 12-24 months. In this case (at least over here) the phones generally come unlocked, so you can move to a different network if you wish, but you'll still have to pay your contract's monthly fee, even if you don't use the network.

In the latter case, I feel it's perfectly fair to consider the phone to belong to the customer. They've paid for it, and the service.

The other difference between the US and the UK is this ridiculous notion of crippled phones - over here, they might sometimes be locked to a network to cover the subsidy, but I've never had one which has had features deliberately disabled by the network which is what preventing you rooting the device basically amounts to.

Re:Already an issue..

[am 2k]

No, 3.2.x is iPad-only.

Patches for Jailbreakers

[Francis]

For jailbreakers who want to be safe and keep their jailbreak, search for "PDF Loading Warner" in the Cydia store. It's a pop-up that will warn you if Safari is attempting to load a PDF, so you can cancel it if you're not expecting to be viewing a PDF.

For iPhone 2G and iPod Touch 1G users, there's no Apple-approved solution to the PDF exploit.

The jailbreak community is working on an actual PDF patch to fix the exploit. This could be the only solution for iPhone 2G/iPod Touch 1G users, to jailbreak their device and install the patch.

It's in test phase now, but you can get a copy: http://twitter.com/saurik/status/20958834996 [twitter.com]