Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser-Based Jailbreak For iPhone 4 Released

Posted by CmdrTaco on from the oh-yeah-totally-secure dept.

WrongSizeGlass writes "Apple Insider is reporting on a browser-based 'jailbreak' for iPhone 4. Hackers on Sunday released the first 'jailbreak' for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad. Some users have reported that the modification results in broken MMS and FaceTime functionality. This jailbreak does not work on iPads running iOS 3.2.1. "

8 of 154 comments (clear)

  1. Does the jailbreak patch the exploit? by Gopal.V · · Score: 5, Interesting

    If a website can run unauthorized code by just visiting a page, does the jailbreak "innoculate" against the exploit it uses?

    Or would apple's fix for the bug also break the jailbreak? (they'll do that, I guess).

    --
    Quidquid latine dictum sit, altum videtur
    1. Re:Does the jailbreak patch the exploit? by TheRaven64 · · Score: 5, Interesting

      You've got to love the iPhone spin on this. On any other platform, this would be termed a remote root hole - jailbreaking doesn't just require running arbitrary code, it requires becoming a privileged user who can install arbitrary software as well. On the iPhone, it's a browser-based jailbreak. With a vulnerability like this, you could easily write a worm that would infect a large proportion of iPhone users (just have their phones email / IM the URL of the exploit + payload to everyone in the address book), but somehow the publicity talks about how great it is that you can use it to regain control over the device that you own, rather than about how anyone else can do the same.

      --
      I am TheRaven on Soylent News
  2. Serious security hole by wvmarle · · Score: 5, Interesting

    Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad.

    This sounds like a huge security hole. If simply visiting a web page can modify the OS of the phone, then this can surely be used for more malicious purposes. Maybe the user has to make some more clicks but then how hard is it to social engineer a user into doing that, and the attacker can do anything they like. Such as installing back doors, keyloggers, whatever. This I think is more than just a jailbreak: this is a root exploit in the browser. Scary, to say the least.

    The jailbreak itself may not work on other versions of iOS, but as it involves Safari I wouldn't be surprised if the root exploit itself works there as well. Binary patching of the running O/S (which is what I guess they are doing) of course works only against a specific version, minor revisions may break it, so no surprise it doesn't work for the iPad.

    This is one I have to say I hope Apple plugs quickly. It just sounds too scary to me.

  3. Re:Apple Insider? Pah! by Richard_at_work · · Score: 5, Interesting

    Sod loading anything, my 3G takes a noticeable period of time to react to UI inputs, screen rotations et al when it didn't under the previous OS. iOS4 sucks for the 3G, I don't know why Apple included it in the release.

  4. Re:Apple Insider? Pah! by Vectormatic · · Score: 2, Interesting

    hmm, i havent noticed serious input lag, just that safari doing loading wont respond at all to inputs, and apps like ipod-app hang for ~5 secs when you open them

    i hope they fix it, if they dont however, i wont care all that much, in a few months my ancient symbian powered nokia will be replaced by a HTC android device, which will also make my ipod redundant

    --
    People, what a bunch of bastards
  5. Sometimes I believe Apple puts these back doors in by line-bundle · · Score: 4, Interesting

    To have the "cutting edge" people test out new features.

  6. Re:Apple Insider? Pah! by crispy_one · · Score: 2, Interesting
    Tell me that Steve Jobs did not write this article... http://www.computerandvideogames.com/article.php?id=258165

    A jailbreak for the iPhone 4 has been engineered and released by hackers, meaning that dodgy users can gain access to all kinds of unofficial content.

  7. Re:Apple Insider? Pah! by Anonymous Coward · · Score: 1, Interesting

    HUH?
    If they said the OS would not work on Iphone 3G and Ipod TOuch 2nd gen or older, then that would have been a motivation for people to upgrade hardware. As it is now, you have people with devices that used to perform great are now performing like shit. Do you really think those people will want to spend on upgrading hardware thanks to getting "burned" by a shoddy OS upgrade?