Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Iphone Apple

Apple Outs Anti-Jailbreak Update 429

Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."
This discussion has been archived. No new comments can be posted.

Apple Outs Anti-Jailbreak Update

Comments Filter:
  • If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.

    • by EricTheRed ( 5613 ) on Thursday August 12, 2010 @07:59AM (#33227084) Homepage

      If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.

      That's true. Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.

      Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.

      So although this says it's anti-jailbreak, that's just secondary - it was one hell of a hole in the first place.

      • by Pojut ( 1027544 ) on Thursday August 12, 2010 @08:02AM (#33227126) Homepage

        Thirded. Usually I would say Apple was just trying to keep people from unlocking their phones...but I think that was just a symptom of the problem they were trying to fix here.

      • by mmkkbb ( 816035 )

        Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.

        Was jailbreaking a phone ever prosecuted as an illegal act? I think that ruling by the LoC is a bit overrated.

        • Re: (Score:3, Insightful)

          by Moryath ( 553296 )

          I would rather have seen a court ruling banning the prevention of jailbreak-type behavior, not just for phones, but for all consumer devices (game consoles, handheld items like e-book readers, etc).

          The custom firmware setups for the PSP, for instance, are leaps and bounds ahead of the "official" firmware function-wise. PDF and image reader functions, improved video playback formats that the PSP firmware doesn't have (and in smaller space too), the ability to independently control the processor speed yoursel

      • Re: (Score:3, Informative)

        by farble1670 ( 803356 )

        Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.

        citation please.

        i ask because i really doubt it was a similar hack. most of these so-called android trojans and viruses rely on 1) getting a user to install a non-market app for which they need to have explicitly allowed in their settings and 2) granting the app permissions to do malicious things.

    • by MikePikeFL ( 303907 ) on Thursday August 12, 2010 @08:00AM (#33227092)

      Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".

      Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.

    • by oodaloop ( 1229816 ) on Thursday August 12, 2010 @08:03AM (#33227142)
      Bricked? I thought you could just re-synch your phone and restore it.
      • Re: (Score:3, Interesting)

        by hey ( 83763 )

        > 2010: The Year of the Linux Phone

        It is! Android and others!

      • by bsDaemon ( 87307 ) on Thursday August 12, 2010 @08:32AM (#33227374)

        In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."

        • by BarryJacobsen ( 526926 ) on Thursday August 12, 2010 @09:11AM (#33227732) Homepage

          In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."

          Well, hell hath no fury like a geek who's been mildly inconvenienced.

        • Re: (Score:3, Insightful)

          by Xacid ( 560407 )
          Seriously? Now I'm feeling old. I still thought it meant that.
    • by mdwh2 ( 535323 ) on Thursday August 12, 2010 @08:09AM (#33227200) Journal

      Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).

      Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.

      • by Pojut ( 1027544 ) on Thursday August 12, 2010 @08:23AM (#33227296) Homepage

        Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time

        They're afraid of being modded down.

      • by Anonymous Coward on Thursday August 12, 2010 @08:23AM (#33227298)

        I thought android phones needed to be "rooted". Double standard much?

        • Re: (Score:3, Informative)

          by cduffy ( 652 )

          I thought android phones needed to be "rooted".

          Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.

          Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).

          • Re: (Score:2, Flamebait)

            Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.

            Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).

            - Even Google's own Nexus One needs to be rooted [lifehacker.com].
            - Replacing the bootloader similarly isn't easy to begin with and not getting any easier either : "DroidX bootloader locked tight [droiddog.com]." And it will only get worse now Google itself is out of the handset game.
            - The most popular Android phones come with undeletable crapware [latimes.com].

            I want to like Android, I really do, but it doesn't help that most of the things people say about it are half-truths at best.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          androids don't "need" to be rooted unless your particular phone company disables functionality that you want to use. The most relevant example of this is tethering, most phone companies will only enable it after you agree to pay $xx/month more for the privilege to use functionality your phone has native support for.

          That said, I've never owned an iPhone so I don't know what you gain by jailbreaking it.

        • by delinear ( 991444 ) on Thursday August 12, 2010 @08:45AM (#33227478)
          Android phones only need to be rooted if you're doing something that requires root access - for everything else running unsigned (i.e. third party, non-market) apps is simply a matter of unchecking a box in the settings, so no, it's not quite the same thing (as you'd know if you had ever tried to send an MP3 via bluetooth from an Android phone to an iPhone, for instance - they both have this ability but only one allows you to do it without rooting the device).
        • by mlts ( 1038732 ) * on Thursday August 12, 2010 @09:06AM (#33227690)

          A rooted Android phone is almost always still decently secure, and usually the rooting process involves something with adb, something a Dalvik VM app will be hard pressed to get unless it asks for permissions.

          Say a piece of malware gets downloaded from Google's Marketplace. The su app pops up asking, "hey, the Vomitron Toaster app wants root privs?" Anyone with a clue is going to tick "no" and "remember this decision". In a couple hours after the app gets flagged, Google fires off the kill switch and the app gets zapped from the store and phones.

          Rooting gives one more functionality, but it doesn't significantly add functionality to a device like an IOS JB does.

          Here is the funny thing. If I want a command line shell to do stuff on a phone, Android is easy -- download a terminal app. The iPhone, I need to do the following:

          1: JB the device.
          2: Hunt down "MobileTerminal 426", the Debian package.
          3: Get on a wireless network.
          4: Enable OpenSSH.
          5: ssh into phone, change root and mobile password to something respectable (20+ characters.)
          6: scp the Debian package and install it.
          7: Install sudo from Cydia and configure it so I don't need to type in the insanely long password when I want root access.
          8: Edit /etc/sshd/sshd_config to only allow access via RSA key, and disallow root access.
          9: Make sure the sshd is turned off in SBSettings unless it is needed. It will turn back on after a reboot.

          All this so I can have full command line access to my iPhone and a method of copying files to and from the filesystem without restriction. The reason why I do the gymnastics with sshd as opposed to uninstalling it is so I can sftp in.

          To boot, the only command line terminal app [1] that works on the iPhone (the Terminal app in Cydia is not iOS4 compatible and crashes on startup) doesn't seem to have the ability to do control keys other than control-C. Of course, I wonder if I can just use a normal app and ssh to loopback, but so far, that hasn't worked unless the device is on a Wi-Fi network.

          Personally, if someone can make a good terminal emulator and put it on Cydia, I'd pay $5-$10 for it. Especially if it has an easy mechanism for doing control and meta keys, so if I feel insane enough to run emacs, I can.

          [1]: A true terminal app that uses a shell and such. There are apps for ssh and such, but those don't have access to the whole phone's filesystem, and I doubt they would get approved if they had the ability to do so.

      • Be fair - its "advanced" functionality that comes with a modest but non-zero set of additional responsibilities for the user, along with a moderate amount of additional power. If it was truly "basic functionality" then there wouldn't be many millions of people quite successfully and happily using their devices without it.

        • A file browser, the ability to share files via bluetooth or to install whatever software you want are pretty basic these days, computers and even phones have had such functionality for many years (I had a mid-range phone back in 2004/5 that could do all this). People compromise on form over function all the time (that's why supercars lack a lot of the basic amenities of the family run-around, or stiletto heels are cripplingly bad for women to walk on, but people buy them anyway) - it doesn't mean they would
      • Re: (Score:2, Insightful)

        "Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality."

        If you think jailbreaking is necessary to enable "basic functionality" on an iPhone, I'd love to see what your definition of basic functionality is. I think you meant to write "advanced and technical functionality that relatively few people really need [want]." While I don't have an iPhone, I have an iPod Touch that I use constantly for school, work, and fun. After jailbreaking it to see what the hype was about
        • by mlts ( 1038732 ) *

          I just wish that Apple would put a mechanism in similar to what Android has in place where apps can go validate they are licensed to run on the device, and if not, don't run, or point the user to the App Store to buy a licensed copy. This way, the security of apps won't be reliant on keeping users from JB-ing their devices.

          With Google's new API to check if an app is licensed, pirates have to hack each app, one by one, in order to get them working on unauthorized phones. Maybe Apple can follow suit, so peo

      • Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).

        This is Apple news, it's always a cause for whining. Jailbreak ? OMG HAX, it's the end the world! Security update ? OMG, evil Apple want to stop users taking control of their device.

        Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality.

        This is bullshit, basic functionality ? You gain the ability to run unsigned, unapproved software. A locked iPhone will do the same as any locked smartphone.

        But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits

        The media praise Apple all the time ? This is bullshit on the same order as the "liberal media." It's confirmation bias: you get annoyed by stories that you perceive as pro-

      • What basic functionality?

        Tethering? The phone already does that, without jailbreaking. Installing non-app store apps? I wouldn't call that basic - the phone is just not designed and promoted to work that way (ie, if you want to do other things with it, you're moving away from 'basic' and into 'unsupported, potentially advanced' functions).

        The biggest reason I've seen for jailbreaking my phone (although I haven't done so) is to enable use of the phone as an AP, rather than having to tether to my Powerbook and then share my wifit that way, but the number of times I've needed to share my connection when there's been nothing but 3G access is limited. Either way, that's hardly basic functionality.

        I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.

        I agree that this exploit has been spun the wrong way - as a positive thing to enable easy jailbreaking. Any security hole is never a positive thing, regardless of the beneficial things you can do with it. I'm glad it has been addressed, although I am hoping it will also be fixed for users of 2G and 3G iPhones who haven;t upgraded to iOS4.

        • by gravis777 ( 123605 ) on Thursday August 12, 2010 @10:50AM (#33228930)

          I have found a few reasons for jailbreaking - and I used Jailbreakme to break it. The first is backgrounding Apps. Apple, in their "brilliance", decided to limit this to just the iPhone 3GS and the iPhone 4. I can now run Pandora in background on my iPhone 3G. Second are things that add or compete with Apple apps. Being able to download files in Safari is a huge thing. So are running ports of VLC that allow me to play files other than in the crazy resolution and .h264 that Apple requires - i can now play MPEGs as well as a few other formats. Another app I have lets me download youtube videos. Sure, I can fire up my PC, use firefox and flashgot, pull the videos, run them MediaCoder or Adobe Meida Encoder, import them into iTunes then sync my iPhone, but this is way more convienent.

      • But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.

        With the exception of right wing political media that get together for weekly talking points, "The Media" doesn't collude together for a common focus. Most reporters know next-to-nothing about the beat they cover unless it is a personal passion, and expecting them to dig deep is incredibly naive, especially in a time like today when a skeleton crew covers virtually everything.

        You have people like Engadget saying "hooray, we can root our iPhones!" and you have people like CNet saying "iPhones are hot

    • by beelsebob ( 529313 ) on Thursday August 12, 2010 @08:22AM (#33227290)

      It's amazing that slashdot can spin this as anything other than a good thing. Bottom line – the phone had a serious security vulnerability that allowed people to brick/use the phone for various nefarious tasks. Apple fixed it, spinning this as anything other than an important bug fix is downright irresponsible.

    • Where is the "Obvious" mod thing when you need it? I think it was pretty clear and obvious that any exploit that originates from outside needs to be patched and fast. That was the first thing I thought when the jailbreak web page was announced.

      Here's what gets me though -- it really took a frightening amount of time for that one to get patched and released. I expected a week or less and it was longer than expected. But I have to say that this puts Apple's OS at least on par with Windows and, quite frank

      • The exploit didn't originate from outside, the exploit is a flaw in the OS - unless you just mean an exploit in the OS which was actively being targetted by users from outside (it's worth clarifying as there was a lot of assumption in the beginning that this was somehow Adobe's fault since it was the PDF renderer).
    • by Jurily ( 900488 )

      Imagine having your phone bricked because you viewed the wrong PDF on some website.

      Imagine a world where you don't have to break into your own device.

  • by AmazinglySmooth ( 1668735 ) on Thursday August 12, 2010 @07:57AM (#33227058)
    I appreciate jailbreaking, but security is more important. What about older devices? Maybe McAfee or Symantec will have a solution.
    • Re: (Score:3, Interesting)

      by marcansoft ( 727665 )

      The evil "jailbreak vendors who say you shouldn't upgrade" (term used by F-Secure) have stated that they will be releasing a fix for the exploit on the iPod Touch 1G and the iPhone 2G. Ironically, this means that all owners of such devices MUST now jailbreak unless they want to be vulnerable to this exploit forever.

      McAfee? Symantec? You seriously expect them to do something useful instead of whining about how Apple doesn't let them write software to hog down your phones even more?

      • Yup, already out for testing [iphone-dev.org].

        Thu Aug 12 15:20:25 unknown MobileSafari[421] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/PDFPatch_CVE-2010-1797.dylib
        [...]
        Thu Aug 12 15:20:56 unknown MobileSafari[421] : Prevented PDF Exploit
        Thu Aug 12 15:20:56 unknown MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.
        Thu Aug 12 15:20:56 unknown UIKitApplication:com.apple.mobilesafari[0xc4c][421] : Thu Aug 12 15:20:56 iphone MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.

        And suddenly jailbreaking is the smart security option for all the users that Apple left behind.

        • And suddenly jailbreaking is the smart security option for all the users that Apple left behind.

          Isn't that the general rule of thumb for devices once they reach the end of support - do all the fun hacky stuff that you want, and if you break it you end up with an excuse to upgrade :P

    • by Pojut ( 1027544 ) on Thursday August 12, 2010 @08:09AM (#33227198) Homepage

      Maybe McAfee or Symantec will have a solution.

      nah, I think the vulnerability is bad enough...you're not hoping it would get WORSE, do you?

    • Unfortunately 2 years after the last date of sale seems to be the absolute maximum Apple is willing to actually support their products. iPhone 3g was released in July of 08 and about 2 years later Apple stopped supporting it leaving it vulnerable, ditto for Tiger, Leopard went on sale in late 07 and the last Tiger security update(ignoring Safari updates) was September of 09. If Apple wants to be taken more seriously in the corporate environment they MUST be willing to support their products for at least 3
  • Cellphones. (Score:3, Insightful)

    by Anonymous Coward on Thursday August 12, 2010 @07:57AM (#33227062)

    There are a million of them. Why not buy one you don't have to jailbreak?

    Bet it'd be cheaper too.

    • Re:Cellphones. (Score:5, Insightful)

      by MightyYar ( 622222 ) on Thursday August 12, 2010 @08:24AM (#33227306)

      I can think of a few reasons:

      • All of your friends have iPhones and you feel the need to have one as well.
      • You need to feel like you are part of an "in" crowd.
      • You genuinely like the hardware but want to load new software on the device.
      • You genuinely like the hardware AND software but want to run a forbidden application.
      • It works with your car/stereo/home automation system and you have no choice short of losing that functionality.

      There are probably many other reasons. Personally I do not have any kind of smartphone - they are all too big for me. But I do have an iPod touch, and the software is very slick - though strangely it is not a great MP3 player :)

      • Re: (Score:2, Insightful)

        by Trufagus ( 1803250 )

        You forgot a huge reason.

        You bought DRM'ed media from Apple in the past and Apple won't let you play it on their competitors' devices.

      • Re: (Score:3, Insightful)

        I can think of a few reasons:

        • All of your friends have iPhones and you feel the need to have one as well.

        That's a stupid reason, grow a god damn backbone.
        If your friends kill themselves, wil you too?

        You need to feel like you are part of an "in" crowd.

        Even more ridiculous, only feeble minded people buy for that reason, and those people tend to be idiots.

        The others are more or less valid, but still make it seem like a crappy platform

    • I can think of one reason [slashdot.org].

      (kidding)

  • Bummer (Score:3, Funny)

    by Codename Dutchess ( 1782238 ) on Thursday August 12, 2010 @07:57AM (#33227066)

    Now we're going to have to wait a week before another exploit is released publicly. Shucks.

  • by Anonymous Coward

    ...while the exploit is only used (that we know of) for the jailbreak at this point, it could potentially be used for much worse...to wait for the next more substantial update to patch the exploit would be careless on Apple's part.

    • ...while the exploit is only used (that we know of) for the jailbreak at this point, it could potentially be used for much worse...to wait for the next more substantial update to patch the exploit would be careless on Apple's part.

      If the good guys know about an exploit the bad guys have probably been exploiting it for a while. I miss the good old days when a virus just meant your hard drive was hosed.

  • by bbtom ( 581232 ) on Thursday August 12, 2010 @08:01AM (#33227102) Homepage Journal

    We have to go back to jailbreaking the old fashioned way with a computer and a USB cable - it'll take ten minutes rather than five now and require you to RTFM. And all because Apple wants to fix a gaping security hole. DAMN THEE DRACONIAN STEVE JOBS!!1!

    • You do realize that this is currently the only way to jailbreak on an iPhone 4 and newer iPhone 3GS, right? Unless you have SHSHs on file and can therefore downgrade to 4.0.1 (and subsequently use jailbreakme), you're stuck without a jailbreak for now.

  • by grimsweep ( 578372 ) on Thursday August 12, 2010 @08:01AM (#33227106)
    I am curious as to how much longer we will go until the next security hole isn't used so benevolently.

    Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.
    • I am curious as to how much longer we will go until the next security hole isn't used so benevolently.

      Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.

      You mean like the recent Android SMS trojan [slashdot.org] ? We're actually pretty lucky to have guys like the dev-team around hunting for bugs. Keeps Apple on their toes and the found vulnerabilities get patched.

  • The best part (Score:5, Informative)

    by Halo1 ( 136547 ) on Thursday August 12, 2010 @08:03AM (#33227148)

    Apple has not released the fix for the iPod Touch 1G and the iPhone 2G, so the iPhone Dev Team themselves are working on a fix [iphone-dev.org] that will work on all devices. So you'll be able to basically jailbreak and then plug the hole that was used to do it.

  • So this doesnt address the performance issues many ipod-touch/3g owners have been experiencing?

    • Fix is supposedly coming in iOS 4.1 though I've heard resetting network settings to factory default and doing a hard reboot helps in some cases.

  • I still am amazed that Apple releases the iPhone code with simple, easy to discover passwords that are the same across every device. That is UNIX rule 101 - "protect root". Knowing the password means that if you can execute arbitrary code on the iPhone via any means, you can su to root and break out of the user space security protection. User priviledge controls have been the basis of UNIX security for as long as UNIX has been around (as it has been for most OSs to more or less a degree)

    If the iPhone had

    • Re: (Score:3, Informative)

      by marcansoft ( 727665 )

      You can't su to root. There is no su on a stock iPhone. The privilege escalation from the PDF exploit was accomplished using a kernel vulnerability, not su.

      The passwords mean nothing until you jailbreak and actually put a reasonable UNIX userland on the phone.

  • by Kumiorava ( 95318 ) on Thursday August 12, 2010 @08:18AM (#33227260)

    I wouldn't be jailbreaking my iPhone if there was a way to remove SIM lock. Right now Apple & AT&T has forced me into a situation where AT&T won't provide unlock code (asks to go some unlock shop and pay for the unlock) and Apple doesn't really care. Only option is to jailbreak to get blacksn0w running.

    If Steve/government (in many countries in Europe it is mandated that after contract period unlock key is given) would force AT&T to provide unlock codes for everyone out of contract then most of the jailbreaking business would go away.

    • by tgd ( 2822 )

      These days I mostly jailbrean when I can to ensure I have the ability to downgrade the phone in the future. They've released far too many buggy versions to be at the mercy of Apple's whim as to if I can downgrade again.

  • 1. These sorts of exploits are found for every device all the time. This one was just famous because people used it to get root access to their own phone.

    2. @comex et al are not immediately irresponsible and evil for exploiting and exposing a vulnerability. Isn't that what DEFCON and BlackHat devote entire conventions to?

    3. If Apple just provided a safe way to get root access to your own device (like every other computer you've ever purchased) people wouldn't have to resort to using security holes.

    4. With t

  • And yet the activesync lock-up remains....

  • Doesn't this update just patch the PDF exploit and not the other methodologies used by Dev-Team to jailbreak? And wasn't the PDF exploit developed by someone not on the Dev-Team? I'll gladly stand corrected if this is not true, but I thought I read this somewhere.

  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Thursday August 12, 2010 @08:49AM (#33227512)
    Comment removed based on user account deletion
  • ... it is "Apple plugs iDevice security hole" but that isn't so catchy with the anti-apple drones on here.

    the hole plugged that stops some jailbreak from working could be exploited via malicious guys on the net to own your device via a hosted PDF. which isn't cool.

  • by SplatMan_DK ( 1035528 ) * on Thursday August 12, 2010 @10:08AM (#33228434) Homepage Journal

    The main article states that iOS4 is updated. That is incorrect.

    iOS 3x, or more correctly "iPhone OS 3" has also been updated in order to remove the flaw from iPads.

    - Jesper

  • by Francis ( 5885 ) on Thursday August 12, 2010 @12:29PM (#33230074) Homepage

    For jailbreakers who want to be safe and keep their jailbreak, search for "PDF Loading Warner" in the Cydia store. It's a pop-up that will warn you if Safari is attempting to load a PDF, so you can cancel it if you're not expecting to be viewing a PDF.

    For iPhone 2G and iPod Touch 1G users, there's no Apple-approved solution to the PDF exploit.

    The jailbreak community is working on an actual PDF patch to fix the exploit. This could be the only solution for iPhone 2G/iPod Touch 1G users, to jailbreak their device and install the patch.

    It's in test phase now, but you can get a copy: http://twitter.com/saurik/status/20958834996 [twitter.com]

news: gotcha

Working...