Browser-Based Jailbreak For iPhone 4 Released 154
WrongSizeGlass writes "Apple Insider is reporting on a browser-based 'jailbreak' for iPhone 4. Hackers on Sunday released the first 'jailbreak' for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad. Some users have reported that the modification results in broken MMS and FaceTime functionality. This jailbreak does not work on iPads running iOS 3.2.1. "
Security issue? (Score:5, Insightful)
Isnt this a very large gaping security issue? I would assume its much worse than the Android one where you had to trick the user into installing a kernel module manually.
So in other words (Score:5, Insightful)
You have a remote rootkit running from simply visiting a website?
Wasn't it just yesterday or the day before we called rooting your android (which has to be tethered), erasing your old operating system, and installing a new "custom" one with a rootkit installed on it which allows remote activiation of root an attack vector (note that even a rooted Android device can't get outside the Dalvik VM)?
I'm certain, absolutely certain that there will be no abuses of this. There will not be any nefarious person have a "must have" app that is so good that the app store refused and all you have to do are these easy steps right here on this web page! No, never happen - users would *never* be stupid enough to run things from a website - this is a great feature!
Re:Security issue? (Score:5, Insightful)
Indeed. "Custom versions of Android can be easily created" gets reported as "Android vulnerable to rootkits!", but "Huge security flaw in mobile safari" gets reported as "Unlock your iPhone 4!"
Re:Apple Insider? Pah! (Score:2, Insightful)
I just tried it too. I noticed a definite improvement in performance across all apps. The music app still takes forever to launch but it's better than it was with spotlight enabled. I don't think I've ever used spotlight on my iPod so disabling was a small price to pay for a bit of extra performance and probably better battery life.
I agree with everything you've said but your post makes it sound like disabling spotlight doesn't help at all which might discourage people from trying this hack.
Re:Note: Userland Jailbreak, Not Bootrom Jailbreak (Score:5, Insightful)
That's troubling on a great deal of levels. Android seems to be going the same way...
Re:So in other words (Score:5, Insightful)
You have a remote rootkit running from simply visiting a website?
That was my first thought too. Apple have left a hole in iPhoneOS (IOS, no matter how you case it, will always be Cisco in my mind :) wide enough that you can get root on it simply by getting to a website? I haven't RTFA so maybe there is more to it than that but i'm a little worried. I wonder how long until I can upgrade to Android on the iPhone...
Meanwhile... (Score:1, Insightful)
Meanwhile, everyone else using Palm, Blackberry, Windows Mobile, Android or Symbian devices, can keep being awesome. We don't have to jailbreak our phones to use them how we want to.
Re:Security issue? (Score:5, Insightful)
MMS/Facetime issues have long since been resolved (Score:1, Insightful)
In typical fashion Slashdot is WAY late posting this story and the MMS/Facetime issues have long since been fixed. Anyone doing a new jailbreak will never see the issue as the jailbreakme.com site has been updated to correct it and anyone who already jailbroke and has the issue can simply go into Cydia and accept the automatic update and they will be fixed also. Again, THERE ARE NO LONGER ANY MMS/FACETIME ISSUES and there haven't been for almost 12 hours now. In fact they were fixed within an hour of being confirmed by Comex. It would be nice if Slashdot made the slightest attempt to make sure their stories are accurate, especially one of this magnitude.
Re:Apple Insider? Pah! (Score:3, Insightful)
Disable the damn search junk you dont use anyways. IT sped my wifes 3G up a lot.
If there was one thing I wish the jailbreaking community would od is submit a patch to remove the useless search on the iphone.
Re:Apple Insider? Pah! (Score:3, Insightful)
I do...
iAds.
Re:Apple Insider? Pah! (Score:2, Insightful)
And just another note... (Score:3, Insightful)
If you're doing this and getting the purple background of death (just hangs and doesn't install) try this:
Method 1
-Click Home
-Double-click Home to bring up running apps
-Click and hold on Safari
-Close Safari, try again
Method 2
-Go to Settings->Safari
-Clear cache, history, cookies (some reported clearing History IN Safari to work)
-Try again
Method 3 (only thing that worked for me)
-Go to jailbreakme.modmyi.com instead of jailbreakme.com (just a mirror)
3GS 4.0.1
Re:IS news (Score:2, Insightful)
Ah Apple. You can have a secure browser with outrageous roaming charges or an insecure browser which anyone can run arbitrary root code and no roaming charges.
Re:Note: Userland Jailbreak, Not Bootrom Jailbreak (Score:3, Insightful)
Which manufacturers aren't doing it? The only phone that's rootable without finding some sort of vulnerability to exploit is still the Nexus One afaik ...
The fact that Moto is the only manufacturer that's succeeded in locking the bootloader down so far that nobody's been able to crack it doesn't mean that others haven't tried. What we need is a completely user accessible operating system, similar to the PC. Something like OpenMoko or the N900, but good :p
Unfortunately, most consumers prefer to be spoonfed whatever junk their carrier has to offer, and wouldn't dream of rooting or applying a custom ROM.
Android is only open in that anyone can use it for their hardware. However, 99% of the hardware that's meant to run with Android is locked down. A pity, really.
Re:Rooting is a local sploit (Score:3, Insightful)
Good thing Android has never had a remote exploit huh ? (Oops [readwriteweb.com].)
At least Apple as very judicious about pushing out updates (and Apple users generally update very frequently) while some manufacturers send out handsets with old Android versions [wired.com] and don't care that much about providing their users with the latest and greatest.
Re:Does the jailbreak patch the exploit? (Score:5, Insightful)
Your Reality Distortion Field is getting a bit weak. Time to head out to your local Apple store and buy something new and shiny to refresh the Field.
Then you will feel better.
Re:Apple Insider? Pah! (Score:3, Insightful)
I don't know why Apple included it in the release.
Damned if you do, damned if you don't.
Re:Apple Insider? Pah! (Score:3, Insightful)