Apple Patches iPhone Jailbreaking Bug

Apple has released today an iOS security update to patch a bug the company accidentally un-patched in an earlier release, introducing a security weakness that allowed hackers to craft new jailbreaks for current iOS versions. From a report: The original bug, discovered by Ned Williamson, a Google Project Zero security engineer, allows a malicious app to exploit a "user-after-free" vulnerability and run code with system privileges in the iOS kernel. iOS version 12.4.1, released today, re-patches this bug that was initially fixed in iOS 12.3 but was accidentally unpatched in iOS 12.4, last month. Sadly, Apple's blunder didn't go unnoticed and earlier this month, a security researcher named Pwn20wnd released a public exploit based on Williamson's bug that could be used to jailbreak up-to-date iOS devices and grant users complete control over their iPhones. But while users taking a risk and jailbreaking their own devices doesn't sound that dangerous, a lesser-known fact is that malware operators and spyware vendors can also use Pwn20wnd's jailbreak as well.

And this time ...

[PPH]

... put a comment in the code to the effect that this particular flag is not to be messed with.

Re: And this time ...

[Wyspree Gamings]

Agreed

Re: Nobody really uses iPhone's anyway...

[Way Smarter Than You]

I'm on my third iPhone. Combined I've paid about $1350 since whenever the iphone2 came out. On a per year basis that's what? $100-130 a year? (No I'm not going to look it up, I don't care that much). How much have you spent on droids? How many 6 year old droids get upgrades to the latest software? How many droid exploits vs iOS are there? How many toxic malware ridden apps are in the apple vs google stores? I want my phone to work almost forever, with no hassles, and not worry that anything I down

Re:

[Anonymous Coward]

Not to piss in your corn flakes, but my origin HTC G1, the very first Android phone ever sold, still works fine, hardware-wise, even though it doesn't get updates. Battery is long dead, but that's what you get after north of a decade.

That said, I prefer the Galaxy series. Better performance, battery life, screen size--you name it.

Re:

[LordWabbit2]

I see you've drunk the coolaid. Apple forces people to upgrade their phones, and software that used to work stops working unless you upgrade. Or did you forget the class action suit against apple for that very fact? So you can trot out your bullshit excuses and bullshit facts for paying way too much money for a iPhone and their software and all the little costs and crap that gets tacked onto the cost of your phone as much as you like, but it's still bullshit.

I want my phone to work almost forever, with n

Re: Nobody really uses iPhone's anyway...

[Way Smarter Than You]

After 6 years I replaced my battery a few weeks ago for $50. Iphone6. How much have you spent on how many droids in the last 6 years? If you mean forced hardware upgrades that's bullshit. iPhone 6 in my hand right now I use every day. It's my only phone. If you're complaining about software upgrades than lmao because what devices or OS don't need regular updates? I asked a question, I got religious droid crap back. For a stable, long last, malware free device that just works, what should I buy? Hi

Re:

[K. S. Kyosuke]

How much have you spent on droids?

On average around $55 per year, apparently. That's including our ridiculous markups relative to the US prices. I just don't install crap.

Re: Nobody really uses iPhone's anyway...

[Way Smarter Than You]

So you spend $50 a year on a smart phone but can't install apps on "your phone" because it's unsafe? Why bother? Why not just a candy bar dumb phone from 15-20 years ago or a flip phone or whatever and be done with it? What benefit does your droid provide? I guess you get email and a web browser? I could do that on my iPhone 2 and just replace the battery every 5-6 years for $50. I owned 2 very serious top end droids of their day. I don't get the droid love. I found it annoying to have to admin my p

Re: Nobody really uses iPhone's anyway...

[K. S. Kyosuke]

How long did it take you to build that giant straw man?

Re: Nobody really uses iPhone's anyway...

[Way Smarter Than You]

Look up straw man. I used only your words. Have a nice evening. Thanks for playing.

Re:

[K. S. Kyosuke]

I said I don't install crap. You said I can't install anything "because it's unsafe". How's that not a straw man in the very first sentence?

Re: Nobody really uses iPhone's anyway...

[Way Smarter Than You]

Can you address *anything* I've said? No. You have repeatedly ignored all my points so don't whine if I misunderstood yours. I'm still waiting after multiple back n Firth's for you to address anything. iOS rocks. Droid sucks. Have the last word if you like but I assume you'll again ignore my points. And again, go look up straw man. Even my misunderstanding of your statement doesn't qualify. Please please please learn basic rhetoric phrases and technique if you're going to toss the words around. Rhe

Apple's being good?

[Minupla]

Apple left a method in place to allow users to obtain root on the devices they own safely without hackers taking over their devices, right? Because its all about keeping evil malware off the devices, and not keeping people who actually own the devices from exercising that ownership right, correct?

Thought not.
Min

Re:

[dfm3]

The problem (and yes, I see it as a problem too because I want to be able to get root on the devices that I OWN) is that there's no foolproof method for allowing tech savy users to gain full access without some scam artist being able to con gullible users into walking through the steps, no matter how convoluted...

"We detected a virus on your phone! It's so advanced that a simple app from the app store can't repair it! Let me walk you through the steps to installing our cleaner software and restoring your

user-after-free?

[110010001000]

Um, are you sure it isn't "use-after-free"?

iPhone never belonged to us anyway

[caseih]

I strongly prefer to have full access to all the devices I own. I used to do the jail-breaking thing back during the early days of the first iphone and ipod. But it's just not worth it. If you want a device you actually own, you'll have to buy something other than an Apple device.

Unfortunately Android is a bit of a wasteland also, with its own share locked up phones, crappy cheap phones with dodgy firmware, and wasting hours pouring over long, unstructured forum posts. I think Android phones suck generally but I like them better than iPhones.

For the unwashed masses, I can understand why Apple locks things down the way they do. It's good for them, but it's also good for their customers.

Why have even tech-savvy folks

[jabberw0k]

given in to peer pressure and spent their good money for computers (euphemistically called "telephones") full of proprietary hardware and software that cannot be prevented from spying on their owners and everyone around them? Illogical.

Re:

[Ungrounded Lightning]

Unfortunately Android is a bit of a wasteland also, with its own share locked up phones, crappy cheap phones with dodgy firmware, and wasting hours pouring over long, unstructured forum posts.

Once upon a time two major designs had nearly all the desktop personal computer / business workstation market: Apple Macintosh (a walled garden - no programming tools available short of buying an Apple Lisa), and IBM PC and its clones (based on an open hardware design but with lots of variations in peripherals, main b

Re:

[caseih]

Despite these amazing open source projects, I just don't see ARM-based hardware (phones especially) ever becoming open in the same sense as the original IBM PC design became (despite IBM's attempts to stop it). ARM is a decent architecture but it's hobbled by proprietary boot loaders and chipsets, and a general lack of standardization requiring binary blobs for a lot of things. It's amazing Android runs on all these different phones as well as it does. I can't really see ARM supplanting Intel anytime so

Re:

[iampiti]

I'd like to have full access too. Sadly, that's not in the interest of either the hardware manufacturers neither the OS makers (Google, Apple) nor the phone carriers. Creating closed or semi-closed devices has too many advantages for them and thus it's what we got.
It's a pity Nokia's Maemo didn't catch on because it run a full Linux system and gave the user more freedom than current OS (I'm not sure if it allowed root access).

Re:iPhone never belonged to us anyway

[Dixie_Flatline]

I think "unwashed masses" is needlessly pejorative. In my 20s I ran my own mail server and had opinions on Linux (Slackware forever) vs. FreeBSD and now I just cannot be FUCKED to care about any of that. Faffing about with my phone like that holds no interest to me, any more than hacking my toaster oven might. My phone is a pocket internet appliance. I want it to work, I want it to be relatively secure, and when I want a new one, I want it to be an upgrade over the one I bought 4 years ago if possible. Probably in another 20 years I won't care about the upgrade part.

I want a company like Apple to take it seriously so I don't have to.

"Sadly?"

[tambo]

Sadly, Apple's blunder didn't go unnoticed and earlier this month, a security researcher named Pwn20wnd released a public exploit based on Williamson's bug that could be used to jailbreak up-to-date iOS devices and grant users complete control over their iPhones.

What's with this "sadly" shit? It's a good thing for people to be able to control the devices that they purchase and own outright.

Re:

[tlhIngan]

Sadly, Apple's blunder didn't go unnoticed and earlier this month, a security researcher named Pwn20wnd released a public exploit based on Williamson's bug that could be used to jailbreak up-to-date iOS devices and grant users complete control over their iPhones.

What's with this "sadly" shit? It's a good thing for people to be able to control the devices that they purchase and own outright.

People include government agents, including customs officials who would love to "inspect" your phone. Or countries wher

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[magusxxx]

Also, maybe if Apple would make some of the more standard tweaks available in iOS less people would want to jailbreak. Case in point...

iOS 4x4 : 4 icons in dock = 20 icons per page
Mine 5x6 : 5 icons in dock = 35 (reduced size by 80%)

And I could have more if I wanted. Why is simple customization like this still not available?

Re:

[iampiti]

That was written from the point of view of Apple :P

Re:

[twocows]

No, that's definitely good. The problem is the same exploits used to enable jailbreaks can be used for malicious purposes, which is not great. Until we get laws that compel phone vendors to unlock off-contract devices for personal use, we're going to have to keep breaking into our own devices in the same way that threat actors would just to use them how we want to. It's fucking stupid. At least the Library of Congress specifically lists jailbreaking as an exception to the DMCA anti-circumvention laws so it'

Re: "Sadly?"

[Malays Boweman]

Apple dosen't care, because it's phones are marketed at fashionista-boi's, like Gucci products are. They won't listen to you and they will never listen to you. The Apple that made the Apple ][ is long, long, long gone.

Re:

[magusxxx]

At least in the US, if the phone goes off contract the phone company is required by law to unlock the phone. It has been that way for several years. They won't do it automatically, you have to ask.

Note to self:

[Sebby]

Don't update to 12.4.1 or above.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Pegasus

[SaBumNim]

When will they fix the Pegasus exploit hack that some company in Israel claims to have?

Apple can go to hell

[Malays Boweman]

I bet these clowns will 'lose' millions of credit card numbers and never go to jail for it. I vow to fight and slay these illigitimate kings.

Thank Gawd

[nobodyknew]

It finally happened! Upon the news I immediately turned off Auto-Update on all my I devices and canâ(TM)t wait to jailbreak 3 devices! Fuck Apple and long live the Hackintosh! God bless this mess!!!! #freedom Anyone wanting to do a proper Jailbreak please google for Redmond Pie instructions as these come from a trusted source https://www.redmondpie.com/jai... [redmondpie.com] You paid for it now enjoy your device!