Two Unpatched Flaws Show Up In Apple iOS
Trailrunner7 writes "The technique that the Jailbreakme.com Web site is using to bypass the iPhone's security mechanisms and enable users to run unapproved apps on their phones involves exploiting two separate vulnerabilities. One of the vulnerabilities is a memory-corruption flaw that affects the way that Apple's mobile devices, including the iPad and iPod Touch, display PDFs. The second weakness is a problem in the Apple iOS kernel that gives an attacker higher privileges once his code is on a targeted device, enabling him to break out of the iOS sandbox. The combination of the two vulnerabilities — both of which are unpatched at the moment — gives an attacker the ability to run remote code on the device and evade the security protections on the iPhone, iPad or iPod Touch. The technique became public earlier this week when the Jailbreakme.com site began hosting a set of specially crafted PDF files designed to help users jailbreak their Apple devices and load apps other than the ones approved by Apple and offered in its official App Store."
Falsely implied security (Score:5, Insightful)
Back when Apple was trying to convince the public to accept this locked down app store model, one of the justifications was malware protection; specifically, Jobs himself cited Bluetooth worms. But the more these things start to look like and function like a general computer, the most likely attack vector is through websites, just like on the desktop. The only other attack vector that Apple stops with this model is the fake screensavers, but apparently they aren't so good at catching unwanted code in the app store either; I believe there was a personal information theft app a few months back, and just a few weeks ago there was a covert tethering app.
So I have to ask, if a website can line up a few exploits like this and compromise the entire device to the level needed to actually break the chain of trust Apple has created, what is the point of all this shit? Just so Apple can control their OS environment like a dictator?
didn't you just argue FOR the app store? (Score:5, Insightful)
But the more these things start to look like and function like a general computer, the most likely attack vector is through websites just like on the desktop
You just made the argument for why users should only use applications vetted from a store instead of the general web.
Happily the iPhone actually doesn't impose any restrictions on web use.
I just thought it was odd you were trying to argue against the security benefits of a closed app store using a bug in a totally open browser model.
The point of the app store would then be that the more applications users used, the less exposed they would be to web bugs. We know attackers inject exploits into popular websites all the time.
Re: (Score:2)
Considering that tethering and malicious apps have made it through the store, it is not a safety guarantee.
Security is a percentage game (Score:2)
Considering that tethering and malicious apps have made it through the store, it is not a safety guarantee.
No one ever said it was. Security can never be absolute. That's why security is a matter of percentages, and layers... multiple layers work better to protect users. Note this flaw required two exploits to come into alignment, a pretty rare event.
Yes app store reviews can miss things. But App Store apps can be pulled from all devices suddenly with no user involvement (as Google recently had to do). A
Re: (Score:2)
since when has this become a good thing?
For the average person this is a very good thing.
Heck, for me I'd appreciate someone using this to pull out a truly evil app. But to date Apple has not used this feature, even for things like tethering apps that you could briefly buy and they removed from the store. As long as the feature is truly used only to block malicious apps it's a good thing for the user.
To my mind it's no different than when I used to have a Linux installation that I configured to automatic
Re: (Score:2)
I just thought it was odd you were trying to argue against the security benefits of a closed app store using a bug in a totally open browser model.
On an open platform, you'd be able to use a third-party browser when flaws like this are discovered in the built-in browser.
On the iPhone, however, you're stuck with Apple's browser core (no pun intended). Third parties are allowed to post their own WebKit skins in the app store, but those are likely to feature all the same bugs.
Re: (Score:2)
On an open platform, you'd be able to use a third-party browser when flaws like this are discovered in the built-in browser.
You could always use Opera Mini on the iPhone.
However it's a poor argument in this case as any third party browser you used would still hand the PDF off to the vulnerable system library to parse and display...
Re: (Score:2)
You could always use Opera Mini on the iPhone.
Opera Mini's server-side rendering and minimal interactivity make it unsuitable to replace a native browser for general use, as I'm sure you're aware.
However it's a poor argument in this case as any third party browser you used would still hand the PDF off to the vulnerable system library to parse and display...
... unless it didn't. Third-party browsers could use third-party PDF rendering libraries.
Re: (Score:2)
"... unless it didn't. Third-party browsers could [sic] use third-party PDF rendering libraries."
Unless they didn't.
Re: (Score:2)
Sure. Point is, iPhone developers are forbidden from writing and distributing browsers that use non-Apple rendering technology. When a bug like this is found, all users can do is hope that Apple fixes it quickly.
On open platforms, developers have no such restriction. If a bug like this hit Android, you'd probably see third-party browsers on the market soon after that didn't have the same bug -- in fact, there's already a version of Firefox for Android, and there are multiple PDF viewers.
Re: (Score:3, Interesting)
while this exploit shows that you have to also consider malicious data which injects code via existing "vetted" apps
That implies if an app store app had a security issue it would be an issue beyond that application. That is generally not the case since the apps are all well sandboxed and cannot affect the system. Messing with an approved app via some flaw would usually get you nothing but a corrupted app. You can't even modify the app binary from the app itself...
I'm not even sure breaking an app would
Re: (Score:3, Interesting)
How about when the camera starts to do face recognition (like most point-and-shoot digicams do today) and also starts to recognize bar codes and the square patterns like the ones that the Android app store uses? How about voice recognition and commands built into the machine? The smarter you make these things, the more complex they become. At a certain level of complexity, you lose assurance that the security works properly. It takes exponentially more time to vet the system as the complexity increases.
Closed and open data streams (Score:2)
How about when the camera starts to do face recognition
That I do not think can do anything, because it's a closed system. You collect points about a face and then look them up in a database of known faces. There's really not any way to inject information in there beyond what the system is expecting.
How about voice recognition and commands built into the machine?
Same thing, because the processing of the input attempts to match into a list of known words. Speaking gibberish can do nothing except simply
Re: (Score:3, Insightful)
What makes you think the apps are safely sandboxed if the browser isn't? If the browser isn't sandboxed at all, why the fuck not? If it is and this still happened, then the sandbox isn't all that effective, especially if you can get someone to run code locally and call native APIs.
Browser is sandboxed (Score:3, Insightful)
What makes you think the apps are safely sandboxed if the browser isn't?
For one thing, I'm an iPhone developer so I know the exact constraints of the application sandbox.
But also - the browser is sandboxed. Read details of the attack, it breaks the browser but then ALSO uses a second attack to escape the browser sandbox. The question is if the same thing is possible for any application, or if the sandbox exit is unique to Safari.
But having two exploits in alignment is a rare thing. It's rare enough that
Re: (Score:2)
It's rare enough that exploitable bugs in both systems will be hard to come by, and if malware writers are not exploiting the current bug in Safari why would they do so with the much smaller attack space of any one application?
That's a mighty big "if" in there... There's no way to know, since root access also means you can completely cover your tracks, leaving no trace that you were even there.
Lots of ways to know (Score:2)
That's a mighty big "if" in there... There's no way to know, since root access also means you can completely cover your tracks, leaving no trace that you were even there.
It's not such a big if given the number of people that are on the lookout for active iPhone exploits. Plus you can always notice by outbound communication or by difference in backups. Also it kind of doesn't matter, because anything that managed to install would only be alive until the next iOS update, which would overwrite wherever it
Re: (Score:2)
So basically, you'll only be 100% compromised and have every single shred of data exposed to whomever wanted it until you get around to installing the next update. Good to know!
Which is true of any system that has been exploited. The difference is the iPhone can be updated to remove the issue more easily.
But the main thing to realize is that people are looking for those kinds of intrusions, and when found an update will be close at hand. For the current issue, there are no malicious exploits yet.
Update process is external (Score:2)
As root, why wouldn't I be able to mess with the update process?
A very good question.
On the iPhone, updates are handled by iTunes. It basically overwrites the system, and then overlays your user data back on top of it. The iPhone doesn't really get to have a say about what happens to it.
That's one of the reasons why those wanting OTA (over the air) updates might want to think twice, although they are more convenient.
Precisely - wrong! (Score:2)
Precisely. When you're root, you can pretty much do as you please.
When you're root, can you stop the user from connecting a cable?
Oops! Guess you should have thought through your answer a bit more and actually read up on the iPhone update process. Read my response to the original poster to see just how off you were.
Re: (Score:2)
Presumably, one could create an app store app that has a UIWebView and some PDF data with corrupted fonts, and make that a jailbreak tool, but that would be just doing it the hard way...
Oh, the advisory says a corrupted PDF is just one of the exploits, I read somewhere else that the font-parsing mechanism was put in the kernel, and a flaw there allowed a kernel-level exploit, so I guess that's wrong then.
Re: (Score:2)
My interest is in the secondary exploit. Is it a kernel thing, or is there some binary that's setuid and doesn't validate its args properly, or just something which Apple left in there when they shouldn't have to make it easier to develop...
Security-through-obscurity no more (Score:4, Insightful)
Seems that Apple is now paying the price for popularity.
The price not paid (Score:2, Insightful)
Seems that Apple is now paying the price for popularity.
What price? There are as yet no malicious attacks that make use of this attack vector. The only thing that does is using it as a utility that the user invokes on purpose, and even has to swipe to activate it!
Currently Apple users are not paying any price despite having a very popular mobile platform that every now and then has well-publicised vulnerabilities. Hmm.
Re: (Score:2, Funny)
Currently Apple users are not paying any price despite having a very popular mobile platform that every now and then has well-publicised vulnerabilities. Hmm.
Apple products are only free if your money is not worth anything. ;-)
Re: (Score:3, Insightful)
There are as yet no malicious attacks that make use of this attack vector.
That we know about.
Good point, but then it doesn't matter (Score:3, Insightful)
That we know about.
True, but if we have not heard of any then the infection rate is pretty low - after all you have to get the exploit up on a site and then get the person to visit that with the iPhone browser.
I would argue that most browser use on mobile devices is going to well-known sites (like your favorite news site, bank, etc) so the chances of a rogue website affecting random users seems pretty low.
Given there's working example code showing how to use the exploit you would actually expect something h
Re: (Score:2)
That we know about.
True, but if we have not heard of any then the infection rate is pretty low - after all you have to get the exploit up on a site and then get the person to visit that with the iPhone browser.
If you get an "innocent" app in the App Store, it's not that difficult. Using the browser engine in an app is not unusual, and that app could visit an innocent URL in the background, without the user seeing anything. When the app is accepted in the App Store, the URL can be redirected to an attack site, which still could work in the background - et voilà! When the device is rooted by that website, it could as well execute some other code and install a rootkit.
Track Record (Score:2)
Have you looked at what this does to your iPhone in its entirety?
Me personally? No, others have.
But it really doesn't matter because these are the same guys that have been working on jailbreaking since, well, forever. If they were wanting to do something nasty we would have seen evidence by now; only in a Bond movie would someone slave over reverse engineering something for five years only to then turn on the entire user base that was sending them props and lots of money via things like the Cydia app store.
Wrong, that is YOUR stuff (Score:2)
Nice random statement. The actions of the company show otherwise.
The actions are that jailbreaking is not specifically blocked by Apple, as it could be.
End of story.
Therefore you are wrong.
Apple's actions show they actually support jailbreaking, as opposed to public bluster.
Apple bans PDFs... (Score:3, Funny)
Products based on exploits (Score:5, Interesting)
I don't know if this scenario is valid, as I don't have an iPhone that can run iOS4. But here goes anyway.
So someone takes their iPhone and jailbreaks it. The two bugs that allowed this are still present in the jailbroken phones so the phones can also be pwned by anyone who comes up with a different exploit that uses these bugs. Clearly the phones can't be updated to 4.1 (as they are jailbroken) so unless someone produces patches independently of Apple they will remain in these jailbroken phones until they are discarded or reset to the official post 4.1 iOS. I wonder how many non-geeks who are persuaded to jailbreak their phones will realize this.
Here's the root of the issue. When someone decides to use an exploitable bug for their own purposes they are not doing any favors for themselves or their users. Exploitable bugs should be reported so they can be fixed, not used to develop your own products - however popular the products might be in some circles. That might well be an unpopular view in this forum, but there it is.
They can be patched though (Score:2)
Clearly the phones can't be updated to 4.1
Why not? Jailbreaking doesn't prevent all the normal system stuff from operating as it should, you still sync with iTunes and it would still check for updates. The only downside is that it MAY break the jailbreaking. But even then something like MiFi might well still work.
so unless someone produces patches independently of Apple
Jailbreakers may well do that; they sometimes make modifications to system apps as part of the jailbreak.
I've always said that when you j
Re: (Score:2)
... and why would a typical ignorant user bother to jailbreak? If they got the phone jailbroken by their techie friend, it can be hoped that that techie friend also installed this loader warning...
Actually, it'd be great if jailbreakme.com either installs the warn mechanism straight away, or offers it as an opt-out default on their website.
Re: (Score:2)
Exploitable bugs should be reported so they can be fixed, not used to develop your own products - however popular the products might be in some circles. That might well be an unpopular view in this forum, but there it is.
Back in the days when Windows 3.x and 95 roamed the Earth that was the most common way to compete with Microsoft and their undocumented APIs.
Fix is already done, will ship any moment (Score:3, Interesting)
Apple announced earlier today that they already have a fix and it will roll out soon. It takes about 2 weeks to update half the platform, and another month to get most of the rest.
How will Apple correct this? (Score:5, Funny)
WTF (Score:3, Insightful)
Everyone does realize that the OS of their smartphone has no relation to dick size, right?
What the hell are folks arguing about, anyways? I would figure it's pretty awesome we live in an age where we can decide from multiple choices what advanced operating system will run our phone. That actually gets toward shit I wouldn't have expected growing up.
But I guess folks have been getting pissed about other people's choice of OS for years. I really wish I understood why people get so pissed about that sort of thing. Operating systems are tools, not cults.
Re: (Score:2)
You mixed your imperial and metric units again.
-dZ.
Re: (Score:2, Interesting)
More secure does not equal completely secure.
Though you do bring up an interesting point. iOS is the biggest mobile operating system player right now, and even with that large market share, so far nobody has turned all of those iPhones into a botnet. If Windows had the same bug, we would have millions of maliciously compromised systems by now. What gives?
Re: (Score:3, Insightful)
How do you know millions of phones aren't already compromised? They could just be sitting there quietly, waiting for the dust to settle a bit.
Do we need antivirus/antimalware on smart phones now? Welcome to the 21st century.
Re: (Score:2)
Yes, it has, it can be tricked into using a rogue cell [slashdot.org].
Re: (Score:3, Informative)
Somebody could rewire the phone lines to my house too, but I don't count that as a vulnerability in the simple electronics in my land line phones.
Re: (Score:2)
Of course it's a vulnerability, just not with the phone. The vulnerability is in the infrastructure.
Re: (Score:3, Insightful)
Of course it's with your phone:
Your phone should warn you and it doesn't. It's a vulnerability in your phone.
Re:Lol apple (Score:4, Informative)
iOS is the biggest mobile operating system player right now
Yep, it sure is. I mean, if you don't count Android [trendsupdates.com]
Re:Lol apple (Score:4, Insightful)
BlackBerry? Symbian?
Re: (Score:2)
Symbian is all but dead; BlackBerry is still in the lead, but is losing ground fast, and this is despite the fact that in the business market the BlackBerry is pretty much ubiquitous. Android is gaining ground at a tremendous rate.
This was just on slashdot a few days ago:
http://bits.blogs.nytimes.com/2010/08/02/android-passes-iphone-for-new-subscribers/ [nytimes.com]
Re: (Score:2)
Because most Symbian phones are marketed under the name of the producing companies (like Samsung or Nokia) and not with the Symbian name, most people are under the impression that the company died a long time ago.
It's also not a very popular phone in the US/Canada market, since BlackBerry and Apple fit as the market leaders in the smartphone space. This means people in the US rarely hear about it.
Re: (Score:2)
Nokia's marketshare globally is flat, and in the US has been declining for a while. The situation is so bad they are looking for a new CEO.
While it is still number 1, it's a very precarious situation as they still haven't launched the N8, a phone that arguably should have come out 2-3 years ago.
They also lost a lot of customers (like me - and Symbian Guru blogger) over the N97.
Re:Lol apple (Score:5, Insightful)
I am not sure why people keep quoting that article when it comes to OS share. Apple sells more iPod touches [theappleblog.com] and iPads [ngonlinenews.com] than iPhones. Android barely squeaks past just iPhone and only in the US market. I do expect that one day Android will dominate the market, but it has a long way to go.
He said operating systems, not devices (Score:4, Interesting)
iOS is the biggest mobile operating system player right now
Yep, it sure is. I mean, if you don't count Android
Count Android all you like, if you count every Android device sold to date it would not equal the number [cnn.com] of iPhone and iPod Touch units sold.
The Touch (and iPad) all run the same mobile iOS the phones do.
Note that link was from back in 2009...
Re:He said operating systems, not devices (Score:4, Informative)
Count Android all you like, if you count every Android device sold to date it would not equal the number [cnn.com] of iPhone and iPod Touch units sold.
The Touch (and iPad) all run the same mobile iOS the phones do.
Note that link was from back in 2009...
Android and iOS combined don't even come close to Symbian.
True but pointless (Score:2)
Android and iOS combined don't even come close to Symbian.
Since it's not a modern mobile OS on just about all those phones the point is irrelevant. Like saying there are not as many Android devices as grains of sand on all the beaches in the world.
Re: (Score:2)
Android and iOS combined don't even come close to Symbian.
Since it's not a modern mobile OS on just about all those phones the point is irrelevant. Like saying there are not as many Android devices as grains of sand on all the beaches in the world.
To use a car analogy, it's more like saying that the number of people that own a Lexus or BMW is dwarfed by the number of people that own a Honda. While the Honda owners may be more concerned with reliably getting from point A to point B, and the Lexus/BMW owners may be more concerned with comfort, status or performance, in the end, they are all cars and perform the same basic service.
Car Analogy Back from the Shop (Score:2)
To use a car analogy, it's more like saying that the number of people that own a Lexus or BMW is dwarfed by the number of people that own a bicycle.
Fixed it for you, and far closer to the case at hand (at least with regards to Symbian).
Your analogy was actually not too bad if we had been talking about Blackberry, except you would have had to add in the fact about roads going forward only being made for Lexux/BMW and Hondas could not use them. How long after you can't use new roads would you be forced to bu
Re: (Score:2)
iOS is the biggest mobile operating system player right now
Android and iOS combined don't even come close to Symbian.
Since it's not a modern mobile OS on just about all those phones the point is irrelevant
Say, those are some nice goal posts you have there. And they move if you need them to. Nifty.
Re:Lol apple (Score:5, Informative)
iOS is not the biggest mobile operating system in any way, shape or form. RIM has far more devices in North America and Nokia rules the rest of the world.
Re:Lol apple (Score:5, Informative)
That page doesn't say that at all. You've quoted numbers (and even incorrectly inflated the iOS numbers by instead quoting the Linux desktop numbers) about browser strings. If you scroll down, you will see a VERY different picture of the marketplace for mobile devices (including iPhone, iPad and iPod):
From Gartner:
Symbian: 44.3%
Blackberry: 19.4%
iOS: 15.4%
Windows Mobile: 6.8%
Android: 9.6%
Linux: 3.7%
Other: 0.7%
Even allowing for a hefty margin of error, compared to Symbian, iOS is a very distant third.
Re:Lol apple (Score:4, Informative)
The Gartner article you are referring to clearly states that those market share numbers are for cell phones. The majority of iOS devices are not cell phones at all.
Re: (Score:2, Informative)
Those stats are just 1Q2010 sales, which may not be indicative of the total market share of phones currently in use. It's still a much better statistic than the one based on User-Agent strings though. With phones being replaced on average every 2 years though, one quarter worth of sales is an okay indicator, although Blackberry hasn't released too many phones recently.
The ComScore list appears to be better although they don't really say what their methodology is. They don't include Nokia in their list of
Re: (Score:2)
The Nokia smartphone OS [wikipedia.org]. Been around since about 1986 in various forms.
Symbian devices are rarely marketed as such and usually just sold as a "smartphone".
Re: (Score:3, Interesting)
Because iPhones are lacking in both performance and net access compared to even a low-end Windows machine, so they're mostly useless for botnets.
And you really need a reality check if you think iOS is anywhere *near* the biggest mobile OS.
Re: (Score:2)
Who is a bigger player? It is true that Symbian outsells the iPhone more than two to one, but the iPhone is outsold by both the iPod touch and iPad. Some reports claim iOS has twice as many installs compared to the nearest competition.
Re: (Score:3, Insightful)
Another way to put it might be: "If it's not completely secure, it's not secure at all".
Re: (Score:3, Informative)
iOS is the biggest mobile operating system player right now
bullshit! [cnet.com]
Re: (Score:2)
Ehhhh... did you forget about those other mobile operating systems? Symbian is a lot bigger than iOS. Android has overtaken iOS in the US by quite a large margin. Search $favourite_search_engine for 'android ios OR apple market share' and you'll find a whole lot of opinions, often diametrically opposed, on this subject. Follow the money to see where the truth lies (no pun intended).
Don't believe everything the priest says.
Re: (Score:2, Insightful)
The 'remote' part of the exploit sort of shits all over the 'feature' argument.
Re: (Score:2, Insightful)
The problem is, it doesn't just allow you to jailbreak your phone. It allows anyone who can get you to view a PDF in the browser to own your phone -- that makes it a flaw, most definitely.
Re: (Score:3, Funny)
This is a feature in the same way the antenna problem is: "Well, at least I get a free bumper out of it!"
Re: (Score:2)
Because of jailbreak apps like Installous, and MyWi, and My3G. The first lets you pirate App Store apps, violating terms and screwing Apple & the developers of the Apps. MyWi and My3G piss AT&T and the other carriers around the world off because they let you use a service provided in a way they didn't intend you to use.
I'd suspect even Google would make more effort to lock down Android if stuff like Installous was floating around there (is it? I have no idea).
Re: (Score:3, Informative)
I'd suspect even Google would make more effort to lock down Android if stuff like Installous was floating around there (is it? I have no idea).
You don't need anything like Installous on Android, because Android doesn't limit where you can install apps from. Once you check the "Allow installation of non-Market applications" option, you can just point the browser at a link to a .apk file.
Google is addressing paid-app piracy, but not by locking down the OS. Instead, they're letting apps check with Google's servers to verify that the app has been purchased by the person who's running it.
Re: (Score:2)
I'd suspect even Google would make more effort to lock down Android if stuff like Installous was floating around there (is it? I have no idea).
You don't need anything like Installous on Android, because Android doesn't limit where you can install apps from. Once you check the "Allow installation of non-Market applications" option, you can just point the browser at a link to a .apk file.
Google is addressing paid-app piracy, but not by locking down the OS. Instead, they're letting apps check with Google's servers to verify that the app has been purchased by the person who's running it.
How is that addressing the problem? Are they not aware that crackers can remove such simple protections (for examples, see every desktop application ever pirated)?
Re: (Score:2)
Well clearly they are most concerned with the appearance of addressing the problem, not the problem itself. I mean this sounds like it could be defeated with an entry in /etc/hosts, nevermind bothering to crack each app. Android being completely open will have no problem running a local daemon saying yes to everything you throw at it, I'm quite sure. Encryption is scary and sounds too much like DRM for them to utilize in anything visible. (though bootloaders are apparently fair game?)
Either way digital lock
Re: (Score:2)
I mean this sounds like it could be defeated with an entry in /etc/hosts, nevermind bothering to crack each app. Android being completely open will have no problem running a local daemon saying yes to everything you throw at it, I'm quite sure.
You can't edit /etc/hosts without rooting, and a local daemon won't be able to mimic the official licensing server if the protocol uses any sort of encryption (which I presume it does, because Google isn't stupid).
It's easy to see how "Allow installation of non-Market applications" will become *the* preferred method of software installation due to it being the only constant among handsets; the Market Place is only on special Google devices
This has not happened after almost two years of Android. Yes, there are devices without access to the Market. Those devices suck, and people who care about apps stay away from them.
and clearly Carriers will foist their own horrible interpretations of what they think an App Store should be, nobody will use them of course.
This has not happened either, as far as I know.
I don't predict App Stores on Android to be fruitful given this landscape,
Neither do I, because the Android Market already does what most people
Re: (Score:2)
It doesn't completely prevent piracy; that's impossible without moving to a complete "trusted computing" dystopia.
What it does is raise the bar. It prevents the easy, casual kind of piracy where you copy the .apk off one device and onto another. Now you have to modify the code, which requires some level of skill and familiarity with the intimate details of Dalvik. It also breaks the original .apk signature, which changes the identity of the app, which has consequences for updating the app and sharing data b
Re: (Score:3, Insightful)
Certainly a feature, if by feature you mean a remotely exploitable root vulnerability. Yes, definitely a feature. For crackers.
For the rest of us it's a pretty critical flaw, namely one that can 0wn yr ph0ne by visiting a malicious website.
Re: (Score:2)
Flaw - exploiting, circumventing or bypassing security / hardware / software mechanisms via holes/flaws in the design
Feature - functionality that the device was intended to perform
Hack - adding functionality that the device was not made to perform
It's a hack, by breaking out of the sandbox and running applications / enabling functionality that the device wasn't intended to run.
OT, I think your post should be modded insightful!
Re:Rather unlikely scenario required (Score:5, Insightful)
Um, the fact that jailbreakme.com works is proof that all those things are lining up perfectly. This is a real working exploit.
The funny thing is it's not even accurate (Score:2, Interesting)
Two unpatched flaws
The really funny thing is that by adding those words they made the statement wrong - there are patches (PDF for sure), already in 4.1. 4.1 includes a PDF fix for a Mac OS X vulnerability reported on well before this week.
But 4.1 is not yet public (though it should be very soon now).
Re: (Score:2)
Well that's the definition of unpatched flaw. Unpatched in this context does not mean that nobody has a fix, it means that there is no patch available to the general public of the iPhone.
Moreover, 4.1 is still in beta. If it happens that the patch fails the beta, for example by causing side-effects for some users, Apple may have no choice but to pull it out of 4.1, or delay 4.1.
Re: (Score:2)
I'm not sure where you get the idea that patched flaws are harmless. In the industry these are commonly called "1-day" exploits. There is an entire community centered around the analysis of vendor updates and patches in order to figure out the exact nature of the security flaws which are being patched -- these flaws are then exploited in the wild on systems which aren't patched yet.
The whole world doesn't suddenly get fixed when a vendor releases an update. You may have thousands or millions of vulnerable s
Re: (Score:2)
Where you got that idea from I do not know.
In context, do you expect "two patched flaws show up in foo". The headline insinuated the flaws are new (to "show up"), if they had been patched surely it is a logical conclusion to say that the flaws have previously been discovered. Even if a patch fails to fix a known exploit, is it not reasonable to say the flaws are still unpatched?
Saying the flaw was "unpatched" was done for effect an
Re: (Score:2)
iOS 4.1 beta 3 came out only a week after beta 2. Usually beta releases are two weeks apart. This indicates 4.1 should be out Real Soon Now. They also fixed the iPhone 4 proximity sensor issue in b3. It also looks like 4.1 works better on older iDevices (iPhone 3G, iPod touch 2nd gen) than 4.0 does (which was rushed out to meet the iPhone 4 shipping date, no doubt).
Re: (Score:2)
And this poses a conundrum for those that jailbreak with this flaw. Assuming it doesn't fix the flaw itself, you're still left exposed with a device vulnerable to malicious rooting.
Do you sit on your unpatched version of iOS, knowing that any malicious site can root your handheld device, or do you give up the freedoms you obtained and patch for safety?
Patch may not affect jailbreak. (Score:2, Informative)
Often the patches will not undo already jailbroken systems. So there's that possibility.
But if someone finds they like the jailbreaking, they can just use whatever mechanism will come along to jailbreak 4.1. Usually it's not as dramatic as a browser bug and it involves running an application on your main computer to alter your attached device, but it's easy enough for anyone interested to keep going.
Another option is that jailbreakers can simply replace the 4.0 PDF library with the 4.1 version (if compati
Re: (Score:2)
There'll likely be other ways of jailbreaking. PwnageTool supported jailbreak pretty soon after 4.0 dropped.
Wait for the dev team, patch your phone and carry on.
Re: (Score:2)
So when Android takes over the iPhone market, can we be as smug about vulnerabilities that come up?
Re: (Score:2)
Command Syntax of the ultimate computer language: DoWhatIWant() DoItFaster(Function), eg. DoItFaster(DoWhatIWant()
It still won't work because you are missing a closing parenthesis at the end.