Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser-Based Jailbreak For iPhone 4 Released

Posted by CmdrTaco on from the oh-yeah-totally-secure dept.

WrongSizeGlass writes "Apple Insider is reporting on a browser-based 'jailbreak' for iPhone 4. Hackers on Sunday released the first 'jailbreak' for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad. Some users have reported that the modification results in broken MMS and FaceTime functionality. This jailbreak does not work on iPads running iOS 3.2.1. "

7 of 154 comments (clear)

  1. Security issue? by miffo.swe · · Score: 5, Insightful

    Isnt this a very large gaping security issue? I would assume its much worse than the Android one where you had to trick the user into installing a kernel module manually.

    --
    HTTP/1.1 400
    1. Re:Security issue? by Timmmm · · Score: 5, Insightful

      Indeed. "Custom versions of Android can be easily created" gets reported as "Android vulnerable to rootkits!", but "Huge security flaw in mobile safari" gets reported as "Unlock your iPhone 4!"

    2. Re:Security issue? by whisper_jeff · · Score: 5, Insightful

      I'm sorry, but are you trying to imply that there's a negative bias against Android and a positive bias towards the iPhone on Slashdot lately? Really? Maybe you haven't been reading the site for the past year or so but, things have changed, quite a bit...

  2. So in other words by bm_luethke · · Score: 5, Insightful

    You have a remote rootkit running from simply visiting a website?

    Wasn't it just yesterday or the day before we called rooting your android (which has to be tethered), erasing your old operating system, and installing a new "custom" one with a rootkit installed on it which allows remote activiation of root an attack vector (note that even a rooted Android device can't get outside the Dalvik VM)?

    I'm certain, absolutely certain that there will be no abuses of this. There will not be any nefarious person have a "must have" app that is so good that the app store refused and all you have to do are these easy steps right here on this web page! No, never happen - users would *never* be stupid enough to run things from a website - this is a great feature!

    --
    ------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
    1. Re:So in other words by jamesh · · Score: 4, Insightful

      You have a remote rootkit running from simply visiting a website?

      That was my first thought too. Apple have left a hole in iPhoneOS (IOS, no matter how you case it, will always be Cisco in my mind :) wide enough that you can get root on it simply by getting to a website? I haven't RTFA so maybe there is more to it than that but i'm a little worried. I wonder how long until I can upgrade to Android on the iPhone...

  3. Re:Note: Userland Jailbreak, Not Bootrom Jailbreak by bemymonkey · · Score: 4, Insightful

    That's troubling on a great deal of levels. Android seems to be going the same way...

  4. Re:Does the jailbreak patch the exploit? by ColdWetDog · · Score: 4, Insightful

    You've got to love the iPhone spin on this...

    Your Reality Distortion Field is getting a bit weak. Time to head out to your local Apple store and buy something new and shiny to refresh the Field.

    Then you will feel better.

    --
    Faster! Faster! Faster would be better!