Forgot your password?
typodupeerror
Iphone Apple

Apple Outs Anti-Jailbreak Update 429

Posted by CmdrTaco
from the longer-than-i'd-expect dept.
Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."
This discussion has been archived. No new comments can be posted.

Apple Outs Anti-Jailbreak Update

Comments Filter:
  • by EricTheRed (5613) on Thursday August 12, 2010 @08:59AM (#33227084) Homepage

    If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.

    That's true. Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.

    Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.

    So although this says it's anti-jailbreak, that's just secondary - it was one hell of a hole in the first place.

  • by grimsweep (578372) on Thursday August 12, 2010 @09:01AM (#33227106)
    I am curious as to how much longer we will go until the next security hole isn't used so benevolently.

    Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.
  • by Pojut (1027544) on Thursday August 12, 2010 @09:02AM (#33227126) Homepage

    Thirded. Usually I would say Apple was just trying to keep people from unlocking their phones...but I think that was just a symptom of the problem they were trying to fix here.

  • The evil "jailbreak vendors who say you shouldn't upgrade" (term used by F-Secure) have stated that they will be releasing a fix for the exploit on the iPod Touch 1G and the iPhone 2G. Ironically, this means that all owners of such devices MUST now jailbreak unless they want to be vulnerable to this exploit forever.

    McAfee? Symantec? You seriously expect them to do something useful instead of whining about how Apple doesn't let them write software to hog down your phones even more?

  • by Zuzzy (124703) on Thursday August 12, 2010 @09:10AM (#33227210)

    I still am amazed that Apple releases the iPhone code with simple, easy to discover passwords that are the same across every device. That is UNIX rule 101 - "protect root". Knowing the password means that if you can execute arbitrary code on the iPhone via any means, you can su to root and break out of the user space security protection. User priviledge controls have been the basis of UNIX security for as long as UNIX has been around (as it has been for most OSs to more or less a degree)

    If the iPhone had random root passwords on each device, and used certificates to trust iTunes, the risk of a driveby attack doing permanent (ie surviving reboot) damage must be lower? Or have I missed something obvious here?

  • by oztiks (921504) on Thursday August 12, 2010 @09:22AM (#33227292)

    This exploit is the least of their problems ... http://www.sbsfaq.com/?p=2165 [sbsfaq.com]

  • by Anonymous Coward on Thursday August 12, 2010 @09:23AM (#33227298)

    I thought android phones needed to be "rooted". Double standard much?

  • Yup, already out for testing [iphone-dev.org].

    Thu Aug 12 15:20:25 unknown MobileSafari[421] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/PDFPatch_CVE-2010-1797.dylib
    [...]
    Thu Aug 12 15:20:56 unknown MobileSafari[421] : Prevented PDF Exploit
    Thu Aug 12 15:20:56 unknown MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.
    Thu Aug 12 15:20:56 unknown UIKitApplication:com.apple.mobilesafari[0xc4c][421] : Thu Aug 12 15:20:56 iphone MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.

    And suddenly jailbreaking is the smart security option for all the users that Apple left behind.

  • by hey (83763) on Thursday August 12, 2010 @09:28AM (#33227346) Journal

    > 2010: The Year of the Linux Phone

    It is! Android and others!

  • by delinear (991444) on Thursday August 12, 2010 @09:45AM (#33227478)
    Android phones only need to be rooted if you're doing something that requires root access - for everything else running unsigned (i.e. third party, non-market) apps is simply a matter of unchecking a box in the settings, so no, it's not quite the same thing (as you'd know if you had ever tried to send an MP3 via bluetooth from an Android phone to an iPhone, for instance - they both have this ability but only one allows you to do it without rooting the device).
  • by mlts (1038732) * on Thursday August 12, 2010 @10:06AM (#33227690)

    A rooted Android phone is almost always still decently secure, and usually the rooting process involves something with adb, something a Dalvik VM app will be hard pressed to get unless it asks for permissions.

    Say a piece of malware gets downloaded from Google's Marketplace. The su app pops up asking, "hey, the Vomitron Toaster app wants root privs?" Anyone with a clue is going to tick "no" and "remember this decision". In a couple hours after the app gets flagged, Google fires off the kill switch and the app gets zapped from the store and phones.

    Rooting gives one more functionality, but it doesn't significantly add functionality to a device like an IOS JB does.

    Here is the funny thing. If I want a command line shell to do stuff on a phone, Android is easy -- download a terminal app. The iPhone, I need to do the following:

    1: JB the device.
    2: Hunt down "MobileTerminal 426", the Debian package.
    3: Get on a wireless network.
    4: Enable OpenSSH.
    5: ssh into phone, change root and mobile password to something respectable (20+ characters.)
    6: scp the Debian package and install it.
    7: Install sudo from Cydia and configure it so I don't need to type in the insanely long password when I want root access.
    8: Edit /etc/sshd/sshd_config to only allow access via RSA key, and disallow root access.
    9: Make sure the sshd is turned off in SBSettings unless it is needed. It will turn back on after a reboot.

    All this so I can have full command line access to my iPhone and a method of copying files to and from the filesystem without restriction. The reason why I do the gymnastics with sshd as opposed to uninstalling it is so I can sftp in.

    To boot, the only command line terminal app [1] that works on the iPhone (the Terminal app in Cydia is not iOS4 compatible and crashes on startup) doesn't seem to have the ability to do control keys other than control-C. Of course, I wonder if I can just use a normal app and ssh to loopback, but so far, that hasn't worked unless the device is on a Wi-Fi network.

    Personally, if someone can make a good terminal emulator and put it on Cydia, I'd pay $5-$10 for it. Especially if it has an easy mechanism for doing control and meta keys, so if I feel insane enough to run emacs, I can.

    [1]: A true terminal app that uses a shell and such. There are apps for ssh and such, but those don't have access to the whole phone's filesystem, and I doubt they would get approved if they had the ability to do so.

  • by Anonymous Coward on Thursday August 12, 2010 @11:00AM (#33228310)

    I'd like to change the notification sounds on my iphone. The problem is there is no way to do that without jailbreaking. I'm sure there are more than a few people who would like that functionality.

  • by gravis777 (123605) on Thursday August 12, 2010 @11:50AM (#33228930)

    I have found a few reasons for jailbreaking - and I used Jailbreakme to break it. The first is backgrounding Apps. Apple, in their "brilliance", decided to limit this to just the iPhone 3GS and the iPhone 4. I can now run Pandora in background on my iPhone 3G. Second are things that add or compete with Apple apps. Being able to download files in Safari is a huge thing. So are running ports of VLC that allow me to play files other than in the crazy resolution and .h264 that Apple requires - i can now play MPEGs as well as a few other formats. Another app I have lets me download youtube videos. Sure, I can fire up my PC, use firefox and flashgot, pull the videos, run them MediaCoder or Adobe Meida Encoder, import them into iTunes then sync my iPhone, but this is way more convienent.

  • by antibryce (124264) on Thursday August 12, 2010 @12:29PM (#33229376)

    it looks like that is a problem with Exchange, and has nothing to do with the iphone (other than the person who actually took screenshots of the Flash SMS uses an iphone, not surprising given most phones have no way to take screenshots :)

  • Re:Outing the update (Score:2, Interesting)

    by OfficeSupplySamurai (1130593) on Thursday August 12, 2010 @01:38PM (#33230176) Homepage

    For most any phone from AT&T, after the contract is up, they will let you unlock it. This makes since, because after the contract is done, you have effectively paid for it, and it does belong to you. I just recently did this with a Motorola RAZR V3xx. I called them up, said the phone was from an ended contract, and asked to unlock it. There were no questions or uncertainty, just "I can help you with that", and the person then gave me the unlock code and instructions after getting the phone's IMEI number.

    This does not happen with the iPhone. After your contract is over, you still are not allowed to unlock it.

    In addition, I personally will probably be paying the full ($600) price for my next iPhone, so that I am not tied into a contract. Why shouldn't I be able to have the phone unlocked?

    Also, don't forget that you need to enter a contract with AT&T to get an iPhone in the first place. If you decide to get the phone for $200, you'll need to pay an extra $325 - $10 a month if you end the contract early. Plus there's the $36 for activation. If you cancel in the first month, you must return the phone, so you have to pay for at least one month of service, which is $65. So if you go this route, you end up paying a minimum of $200+$315+$36+$65=$616 plus taxes and fees.

    So no, it is not in fact possible to have any sort of iPhone for a mere $200. Your complaints about entitlement are misplaced.

  • by afabbro (33948) on Thursday August 12, 2010 @02:31PM (#33230692) Homepage

    citation please.

    Welcome to Slashdot. We're discussing here. You might find that it's a different than, say, Wikipedia.

Numeric stability is probably not all that important when you're guessing.

Working...