Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
IOS Bug Security Apple Technology

Apple Patches iPhone Jailbreaking Bug 36

Apple has released today an iOS security update to patch a bug the company accidentally un-patched in an earlier release, introducing a security weakness that allowed hackers to craft new jailbreaks for current iOS versions. From a report: The original bug, discovered by Ned Williamson, a Google Project Zero security engineer, allows a malicious app to exploit a "user-after-free" vulnerability and run code with system privileges in the iOS kernel. iOS version 12.4.1, released today, re-patches this bug that was initially fixed in iOS 12.3 but was accidentally unpatched in iOS 12.4, last month. Sadly, Apple's blunder didn't go unnoticed and earlier this month, a security researcher named Pwn20wnd released a public exploit based on Williamson's bug that could be used to jailbreak up-to-date iOS devices and grant users complete control over their iPhones. But while users taking a risk and jailbreaking their own devices doesn't sound that dangerous, a lesser-known fact is that malware operators and spyware vendors can also use Pwn20wnd's jailbreak as well.
This discussion has been archived. No new comments can be posted.

Apple Patches iPhone Jailbreaking Bug

Comments Filter:
  • by PPH ( 736903 ) on Monday August 26, 2019 @02:56PM (#59127024)

    ... put a comment in the code to the effect that this particular flag is not to be messed with.

  • Apple's being good? (Score:3, Interesting)

    by Minupla ( 62455 ) <minupla@gmai[ ]om ['l.c' in gap]> on Monday August 26, 2019 @02:56PM (#59127026) Homepage Journal

    Apple left a method in place to allow users to obtain root on the devices they own safely without hackers taking over their devices, right? Because its all about keeping evil malware off the devices, and not keeping people who actually own the devices from exercising that ownership right, correct?

    Thought not.
    Min

    • by dfm3 ( 830843 )
      The problem (and yes, I see it as a problem too because I want to be able to get root on the devices that I OWN) is that there's no foolproof method for allowing tech savy users to gain full access without some scam artist being able to con gullible users into walking through the steps, no matter how convoluted...

      "We detected a virus on your phone! It's so advanced that a simple app from the app store can't repair it! Let me walk you through the steps to installing our cleaner software and restoring your
  • user-after-free? (Score:4, Insightful)

    by 110010001000 ( 697113 ) on Monday August 26, 2019 @02:58PM (#59127030) Homepage Journal

    Um, are you sure it isn't "use-after-free"?

  • by caseih ( 160668 ) on Monday August 26, 2019 @03:07PM (#59127062)

    I strongly prefer to have full access to all the devices I own. I used to do the jail-breaking thing back during the early days of the first iphone and ipod. But it's just not worth it. If you want a device you actually own, you'll have to buy something other than an Apple device.

    Unfortunately Android is a bit of a wasteland also, with its own share locked up phones, crappy cheap phones with dodgy firmware, and wasting hours pouring over long, unstructured forum posts. I think Android phones suck generally but I like them better than iPhones.

    For the unwashed masses, I can understand why Apple locks things down the way they do. It's good for them, but it's also good for their customers.

    • given in to peer pressure and spent their good money for computers (euphemistically called "telephones") full of proprietary hardware and software that cannot be prevented from spying on their owners and everyone around them? Illogical.
    • Unfortunately Android is a bit of a wasteland also, with its own share locked up phones, crappy cheap phones with dodgy firmware, and wasting hours pouring over long, unstructured forum posts.

      Once upon a time two major designs had nearly all the desktop personal computer / business workstation market: Apple Macintosh (a walled garden - no programming tools available short of buying an Apple Lisa), and IBM PC and its clones (based on an open hardware design but with lots of variations in peripherals, main b

      • by caseih ( 160668 )

        Despite these amazing open source projects, I just don't see ARM-based hardware (phones especially) ever becoming open in the same sense as the original IBM PC design became (despite IBM's attempts to stop it). ARM is a decent architecture but it's hobbled by proprietary boot loaders and chipsets, and a general lack of standardization requiring binary blobs for a lot of things. It's amazing Android runs on all these different phones as well as it does. I can't really see ARM supplanting Intel anytime so

    • I'd like to have full access too. Sadly, that's not in the interest of either the hardware manufacturers neither the OS makers (Google, Apple) nor the phone carriers. Creating closed or semi-closed devices has too many advantages for them and thus it's what we got.
      It's a pity Nokia's Maemo didn't catch on because it run a full Linux system and gave the user more freedom than current OS (I'm not sure if it allowed root access).
    • I think "unwashed masses" is needlessly pejorative. In my 20s I ran my own mail server and had opinions on Linux (Slackware forever) vs. FreeBSD and now I just cannot be FUCKED to care about any of that. Faffing about with my phone like that holds no interest to me, any more than hacking my toaster oven might. My phone is a pocket internet appliance. I want it to work, I want it to be relatively secure, and when I want a new one, I want it to be an upgrade over the one I bought 4 years ago if possible. Probably in another 20 years I won't care about the upgrade part.

      I want a company like Apple to take it seriously so I don't have to.

  • "Sadly?" (Score:5, Insightful)

    by tambo ( 310170 ) on Monday August 26, 2019 @03:10PM (#59127080)

    Sadly, Apple's blunder didn't go unnoticed and earlier this month, a security researcher named Pwn20wnd released a public exploit based on Williamson's bug that could be used to jailbreak up-to-date iOS devices and grant users complete control over their iPhones.

    What's with this "sadly" shit? It's a good thing for people to be able to control the devices that they purchase and own outright.

    • by tlhIngan ( 30335 )

      Sadly, Apple's blunder didn't go unnoticed and earlier this month, a security researcher named Pwn20wnd released a public exploit based on Williamson's bug that could be used to jailbreak up-to-date iOS devices and grant users complete control over their iPhones.

      What's with this "sadly" shit? It's a good thing for people to be able to control the devices that they purchase and own outright.

      People include government agents, including customs officials who would love to "inspect" your phone. Or countries wher

    • Also, maybe if Apple would make some of the more standard tweaks available in iOS less people would want to jailbreak. Case in point...

      iOS 4x4 : 4 icons in dock = 20 icons per page
      Mine 5x6 : 5 icons in dock = 35 (reduced size by 80%)

      And I could have more if I wanted. Why is simple customization like this still not available?

    • That was written from the point of view of Apple :P
    • No, that's definitely good. The problem is the same exploits used to enable jailbreaks can be used for malicious purposes, which is not great. Until we get laws that compel phone vendors to unlock off-contract devices for personal use, we're going to have to keep breaking into our own devices in the same way that threat actors would just to use them how we want to. It's fucking stupid. At least the Library of Congress specifically lists jailbreaking as an exception to the DMCA anti-circumvention laws so it'
      • Apple dosen't care, because it's phones are marketed at fashionista-boi's, like Gucci products are. They won't listen to you and they will never listen to you. The Apple that made the Apple ][ is long, long, long gone.
      • At least in the US, if the phone goes off contract the phone company is required by law to unlock the phone. It has been that way for several years. They won't do it automatically, you have to ask.

  • Don't update to 12.4.1 or above.
  • by account_deleted ( 4530225 ) on Monday August 26, 2019 @07:12PM (#59127818)
    Comment removed based on user account deletion
  • When will they fix the Pegasus exploit hack that some company in Israel claims to have?
  • I bet these clowns will 'lose' millions of credit card numbers and never go to jail for it. I vow to fight and slay these illigitimate kings.
  • It finally happened! Upon the news I immediately turned off Auto-Update on all my I devices and canâ(TM)t wait to jailbreak 3 devices! Fuck Apple and long live the Hackintosh! God bless this mess!!!! #freedom Anyone wanting to do a proper Jailbreak please google for Redmond Pie instructions as these come from a trusted source https://www.redmondpie.com/jai... [redmondpie.com] You paid for it now enjoy your device!

The explanation requiring the fewest assumptions is the most likely to be correct. -- William of Occam

Working...