Forgot your password?
typodupeerror
IOS Apple

iOS 4.3.4 Prevents Hacking and Jailbreaking 281

Posted by samzenpus
from the higher-walls dept.
Mightee writes "Apple has released a software update to iOS, version 4.3.4, for the iPhone 4, 3GS, iPad 2, 1, and iPod Touch. The main objective of this version is to prevent the hacking in Apple iOS devices which occurs through malicious PDF files. Another objective is to prevent the jailbreaking which occurs as a consequence of the previous effect. In previous versions, the iOS device is easily vulnerable to attacks. It happens because of mishandling of fonts embedded in the PDF file. Sometimes a downloaded PDF may be malicious, and there is a possibility that the file could inject malware into the iOS device, which gives a chance for the hackers to access the hardware of the iOS device."
This discussion has been archived. No new comments can be posted.

iOS 4.3.4 Prevents Hacking and Jailbreaking

Comments Filter:
  • aaaand... (Score:5, Informative)

    by milbournosphere (1273186) on Sunday July 17, 2011 @09:11PM (#36795964)
    it's been jailbroken: http://gizmodo.com/5821905/ios-434-has-been-jailbroken [gizmodo.com]
    • iOS X.Y.Z Prevents Hacking and Jailbreaking

      Until they move on to the next security flaw. Was, rinse, repeat.

    • by Psyborgue (699890)
      Actually, it's just a tethered jailbreak, meaning you have to connect your device to your computer every time you want to restart it. I'd wait a week or two and check on the dev team blog for a full, un-tethered jailbreak. With an iPad, tethered is not so bad given the battery live and non-critical nature of the device, but on a phone... I'd stick with 4.3.3 or whatever you're on unless you carry a backup phone you can stick the sim card into.
      • by gutnor (872759) on Sunday July 17, 2011 @09:35PM (#36796104)

        un-tethered jailbreak

        So you hope to see another way that any website can get root access to your device and change the operating system without the connected user consent ? An you consider that a plus on a "critical"(your word) device like your phone ??

        -Mind blows-

        • by Psyborgue (699890)
          Good lord no. I don't hope to see such an exploit (though some exploit may be necessary to discover at some future point to jailbreak, for example, IOS5). The browser exploit used for the 4.3.3 jailbreak is only one method [iphone-dev.org] to jailbreak a device (a convenient one). Normally you plug it into your computer and run a program such as redpois0n to jailbreak the device, or you can load a pre-jailbroken custom firmware created using a tool such as pwnage tool or sn0wbreeze. Browser exploits are (almost) never a
        • Re:aaaand... (Score:4, Informative)

          by Dynedain (141758) <slashdot2NO@SPAManthonymclin.com> on Sunday July 17, 2011 @11:24PM (#36796724) Homepage

          Untethered Jailbreak doesn't mean what you seem to think it does.

          Tethered jailbreaks require you to connect to a computer every time you reboot in order to jailbreak. Untethered jailbreaks are persistant through iOS power cycles.

          The browser exploit is one way to jailbreak (and because of the attack vector, a very important one to block). But it is not the only way to have an untethered jailbreak.

      • Actually, it's just a tethered jailbreak, meaning you have to connect your device to your computer every time you want to restart it.

        I have an iPhone, I've not restarted it more than once between revisions of the O.S. (which force a restart). To me the need to tether on reboot is incredibly minor.

        • by Psyborgue (699890)
          You've had good luck with stability. Others... not so much. It all depends on the quality of the apps you install through Cydia. Some like to push the envelope with customization, risking stability. On a phone, you need to be able to restart the thing and remove a troublesome package unless you're nearby a computer constantly.
    • by dimeglio (456244)

      Might be jailbroken but at least the PDF problem is fixed.

    • by RMingin (985478)

      Not new, not special and not noteworthy.

      There are two flaws in the bootloader for all the pre-iPad2 devices. They are commonly referred to by the names of the exploits against them, SHAtter and GreenPois0n. These will not ever be patched by Apple, they are too low level. This means that every iDevice before the iPad2 has a jailbreak for life.

      On the other hand, the bootloader exploits will only give you a tethered (needs a computer to help boot) jailbreak, so if you're on 4.3.3 or have saved SHSHs for it, ST

    • Well, of course... Contingencies are planned for. No one thinks that the "security researchers" looking for exploits to enable jailbreaking just stop looking for exploit vectors once they have root access, do they?

      IMHO, Mobile device/OS manufacturers should just give their customers (the end users, not the service providers) root access in an "advanced" menu option... Otherwise it's just a matter of time before some of the "jailbreakers" turn into malware authors...

      Don't get me wrong; Including a "Go

  • by Haedrian (1676506) on Sunday July 17, 2011 @09:27PM (#36796050)

    Its as if this update solved all problems and will solve all problems in the future.

    "iOS 4.3.4 solves known pdf exploits"

    Would have made sense.

    None of this "Prevents Hacking and Jailbreaking" nonsense.

    • by Kenja (541830) on Sunday July 17, 2011 @10:29PM (#36796396)
      Better description would be "iOS 4.3.4 fixes known PDF security flaw".

      This is a good thing. If you can use the flaw to root your phone, then so could someone else. But then that would be a less sensationalist article.
    • "iOS 4.3.4 solves known pdf exploits" Would have made sense. None of this "Prevents Hacking and Jailbreaking" nonsense.

      I would have titled it "Apple finally closes gaping security hole weeks after jailbreak community already patched it." PDF Patcher 2 has been out since at least July 6th. Of course, in order to install that vital security patch, you had to have jailbroken your iphone or ipad.

      Ironic that those who stayed inside the walled garden were less secure than those who didn't...

  • maybe (Score:2, Flamebait)

    by nitehawk214 (222219)

    I know how they can keep the hardware out of the hands of hackers. They should just sell an empty shell with the apple logo on it. It will still sell great!

  • by DanTheManMS (1039636) on Sunday July 17, 2011 @09:36PM (#36796118)
    Anyone with an iDevice reading this, please go backup your 4.3.3 SHSH file right now. Even if you don't think you'll ever jailbreak, please do it as an insurance measure. It's as simple as downloading a program (TinyUmbrella), connecting your phone to the computer, and clicking a button. Behind the scenes it's saving Apple's magic "approval" that allows you to restore your device to the fully-hacked 4.3.3 firmware. In the next few days, Apple is likely to stop signing restore requests for anything except 4.3.4.

    It's not that I expect most people to actively *want* to downgrade their firmware in the future. I just like having the *option* to do so. For instance, right now I could restore my iPhone to iOS version 3.1.3 if I wanted to, even though Apple stopped allowing restores to that version years ago.
  • iOS 10 cures cancer! (Score:4, Informative)

    by metalmaster (1005171) on Sunday July 17, 2011 @09:50PM (#36796206)
    no but the title is sensationalist at best.

    As a few others mentioned, Apple has only closed the most obvious hole that hackers have been using to jailbreak the device. There are probably others, and they have been/will be found. If theres anything that we've learned over the past year or so its that you shouldnt rattle the cage. Im not saying that anyone will go about breaking iTMS and exposing the infos of Apple's userbase, but who knows....

    If anything this will serve as a good pentest for future releases. Apple has known about the pdf exploit for quite some time and hasnt completely closed it, so people were able to get comfortable knowing their exploit could work with a bit of tweaking. This will get them off their asses and hunting for new ways to break free of he walled garden once again.
  • iOS 4.3 is still nowhere to be found, so the CDMA iPhone moves all the way up from 4.2.8 to 4.2.9.
  • Yes, Apple doesn't like jailbreaking, but it would be stupid of them to not patch the flaw now that it's discovered. It would be nice if they were to provide a sanctioned means to jailbreak the device, but that's another matter. If I wanted a device this open, I'd figure out which Android phone was most hackable and buy that.... and put up with the inferior user interface. As it turns out, I HATE inferior user interfaces, which is why I avoid things like Linux and Windows desktops and which is why I boug

  • by joh (27088) on Monday July 18, 2011 @04:54AM (#36797872)

    I know that the /. pseudo-nerd crowd loves nothing more than an opportunity to bash Apple, but all what Apple did here was patching a remote root exploit out in the wild. There's nothing wrong with patching that. Really.

    This exploit was also used for the last jailbreak, so this jailbreak is now broken. Tough luck, but a totally different thing. Complain about Apple as much as you want, but please don't complain about them patching such exploits.

Some people have a great ambition: to build something that will last, at least until they've finished building it.

Working...