Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser-Based Jailbreak For iPhone 4 Released

Posted by CmdrTaco on from the oh-yeah-totally-secure dept.

WrongSizeGlass writes "Apple Insider is reporting on a browser-based 'jailbreak' for iPhone 4. Hackers on Sunday released the first 'jailbreak' for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad. Some users have reported that the modification results in broken MMS and FaceTime functionality. This jailbreak does not work on iPads running iOS 3.2.1. "

4 of 154 comments (clear)

  1. Security issue? by miffo.swe · · Score: 5, Insightful

    Isnt this a very large gaping security issue? I would assume its much worse than the Android one where you had to trick the user into installing a kernel module manually.

    --
    HTTP/1.1 400
    1. Re:Security issue? by Timmmm · · Score: 5, Insightful

      Indeed. "Custom versions of Android can be easily created" gets reported as "Android vulnerable to rootkits!", but "Huge security flaw in mobile safari" gets reported as "Unlock your iPhone 4!"

    2. Re:Security issue? by whisper_jeff · · Score: 5, Insightful

      I'm sorry, but are you trying to imply that there's a negative bias against Android and a positive bias towards the iPhone on Slashdot lately? Really? Maybe you haven't been reading the site for the past year or so but, things have changed, quite a bit...

  2. So in other words by bm_luethke · · Score: 5, Insightful

    You have a remote rootkit running from simply visiting a website?

    Wasn't it just yesterday or the day before we called rooting your android (which has to be tethered), erasing your old operating system, and installing a new "custom" one with a rootkit installed on it which allows remote activiation of root an attack vector (note that even a rooted Android device can't get outside the Dalvik VM)?

    I'm certain, absolutely certain that there will be no abuses of this. There will not be any nefarious person have a "must have" app that is so good that the app store refused and all you have to do are these easy steps right here on this web page! No, never happen - users would *never* be stupid enough to run things from a website - this is a great feature!

    --
    ------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it