Slashdot Mirror


Browser-Based Jailbreak For iPhone 4 Released

WrongSizeGlass writes "Apple Insider is reporting on a browser-based 'jailbreak' for iPhone 4. Hackers on Sunday released the first 'jailbreak' for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad. Some users have reported that the modification results in broken MMS and FaceTime functionality. This jailbreak does not work on iPads running iOS 3.2.1."


  1. Apple Insider? Pah! by Richard_at_work · · Score: 5, Informative

    This made the BBC news website front page - http://www.bbc.co.uk/news/technology-10836692

    Now, just need a fix for iOS4 being slow and shit on the iPhone 3G....

  2. Re:Apple Insider? Pah! by dwightk · · Score: 4, Informative

    --
    Like anyone can even know that
  3. Does the jailbreak patch the exploit? by Gopal.V · · Score: 5, Interesting

    If a website can run unauthorized code by just visiting a page, does the jailbreak "inoculate" against the exploit it uses?

    Or would Apple's fix for the bug also break the jailbreak? (They'll do that, I guess.)

    1. Re:Does the jailbreak patch the exploit? by TheRaven64 · · Score: 5, Interesting

      You've got to love the iPhone spin on this. On any other platform, this would be termed a remote root hole - jailbreaking doesn't just require running arbitrary code, it requires becoming a privileged user who can install arbitrary software as well. On the iPhone, it's a browser-based jailbreak. With a vulnerability like this, you could easily write a worm that would infect a large proportion of iPhone users (just have their phones email / IM the URL of the exploit + payload to everyone in the address book), but somehow the publicity talks about how great it is that you can use it to regain control over the device that you own, rather than about how anyone else can do the same.

      --
      I am TheRaven on Soylent News
    2. Re:Does the jailbreak patch the exploit? by ColdWetDog · · Score: 4, Insightful

      You've got to love the iPhone spin on this...

      Your Reality Distortion Field is getting a bit weak. Time to head out to your local Apple store and buy something new and shiny to refresh the Field.

      Then you will feel better.

      --
      Faster! Faster! Faster would be better!
  4. Security issue? by miffo.swe · · Score: 5, Insightful

    Isn't this a very large gaping security issue? I would assume it's much worse than the Android one where you had to trick the user into installing a kernel module manually.

    --
    HTTP/1.1 400
    1. Re:Security issue? by Jeffrey Baker · · Score: 5, Informative

      Yes, but there has never been a time where Mobile Safari was free of remotely exploitable flaws. If you look at the history of the iPhone OS release notes, you will always find gaping holes that were closed in Safari, and many of them were uncovered by third parties. For example see the release notes of iOS 4.0 which contain nuggets like "Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution" due to CVE-2009-2195 in WebKit.

    2. Re:Security issue? by Timmmm · · Score: 5, Insightful

      Indeed. "Custom versions of Android can be easily created" gets reported as "Android vulnerable to rootkits!", but "Huge security flaw in mobile safari" gets reported as "Unlock your iPhone 4!"

    3. Re:Security issue? by elrous0 · · Score: 3, Funny

      No way. Apple would never use a security firm that was so wide open.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    4. Re:Security issue? by whisper_jeff · · Score: 5, Insightful

      I'm sorry, but are you trying to imply that there's a negative bias against Android and a positive bias towards the iPhone on Slashdot lately? Really? Maybe you haven't been reading the site for the past year or so, but things have changed, quite a bit...

    5. Re:Security issue? by ArcCoyote · · Score: 4, Informative

      Yes it is. Just staring at some hexdumps, it's not a hole in the browser, it is a hole in PDF Type1C font loading. Escalates to kernel space via an IOSurface allocation bug. A malicious PDF (think iBooks...) could do far nastier things than jailbreak for you.

      CAPTCHA: "clothing" ... Wolf in sheep's, that is.
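The comment above attributes the bug to PDF Type1C font loading. As an added example (not code from the thread or from any project mentioned in it), here is a small triage scanner a defender could run over PDFs to flag ones that embed Type1C (CFF) font programs before they reach a vulnerable viewer. It assumes an uncompressed PDF object syntax (no object streams or FlateDecode'd dictionaries), and the sample documents are constructed inline for illustration.

```python
import re
from typing import Dict, List

# Constructed sample: an uncompressed PDF whose only font is embedded as a
# FontFile3 stream of /Subtype /Type1C (a CFF font program).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Resources << /Font << /F1 4 0 R >> >> >> endobj
4 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Demo /FontDescriptor 5 0 R >> endobj
5 0 obj << /Type /FontDescriptor /FontName /Demo /FontFile3 6 0 R >> endobj
6 0 obj << /Subtype /Type1C /Length 4 >> stream
\x01\x00\x04\x01
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed control: same layout, but the font is a TrueType program (FontFile2).
BENIGN_PDF = (SAMPLE_PDF.replace(b"/FontFile3 6 0 R", b"/FontFile2 6 0 R")
                        .replace(b"/Subtype /Type1C", b"/Length1 4"))

# Top-level "N G obj ... endobj" bodies (assumes no compressed object streams).
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# A font descriptor points at an embedded CFF/Type1C program via /FontFile3.
FONTFILE3_RE = re.compile(rb"/FontFile3\s+(\d+)\s+\d+\s+R")
SUBTYPE_RE = re.compile(rb"/Subtype\s*/(\w+)")


def parse_objects(pdf: bytes) -> Dict[int, bytes]:
    """Map object number -> body for each top-level object in the file."""
    return {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(pdf)}


def find_type1c_fonts(pdf: bytes) -> List[int]:
    """Object numbers of FontFile3 streams tagged /Subtype /Type1C."""
    objs = parse_objects(pdf)
    hits: List[int] = []
    for body in objs.values():
        for ref in FONTFILE3_RE.finditer(body):
            num = int(ref.group(1))
            sub = SUBTYPE_RE.search(objs.get(num, b""))
            if sub and sub.group(1) == b"Type1C" and num not in hits:
                hits.append(num)
    return hits


def is_suspicious(pdf: bytes) -> bool:
    """Triage verdict: True when the PDF carries at least one Type1C font."""
    return bool(find_type1c_fonts(pdf))


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(name, "Type1C font objects:", find_type1c_fonts(doc))
```

A hit only means the file carries the font type the bug lives in, not that it is malicious; real-world PDFs usually need their object streams decompressed before this check is meaningful.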

  5. So in other words by bm_luethke · · Score: 5, Insightful

    You have a remote rootkit running from simply visiting a website?

    Wasn't it just yesterday or the day before we called rooting your Android (which has to be tethered), erasing your old operating system, and installing a new "custom" one with a rootkit installed on it which allows remote activation of root an attack vector (note that even a rooted Android device can't get outside the Dalvik VM)?

    I'm certain, absolutely certain that there will be no abuses of this. There will not be any nefarious person who has a "must have" app that is so good that the app store refused it, and all you have to do are these easy steps right here on this web page! No, never happen - users would *never* be stupid enough to run things from a website - this is a great feature!

    --
    ------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
    1. Re:So in other words by jamesh · · Score: 4, Insightful

      You have a remote rootkit running from simply visiting a website?

      That was my first thought too. Apple have left a hole in iPhoneOS (IOS, no matter how you case it, will always be Cisco in my mind :) wide enough that you can get root on it simply by getting to a website? I haven't RTFA so maybe there is more to it than that but I'm a little worried. I wonder how long until I can upgrade to Android on the iPhone...

  6. Note: Userland Jailbreak, Not Bootrom Jailbreak by rsmith-mac · · Score: 5, Informative

    Just as a heads up to anyone thinking of buying and/or jailbreaking an iPhone 4, keep in mind that this is a userland jailbreak (like Spirit) and not a bootrom jailbreak like 24Kpwn. This is significant because this jailbreak only works on iOS versions with the vulnerable component, which means that Apple can and surely will patch it out in 4.1. This is also why Apple is signing their firmware: once they do release 4.1 they'll stop signing 4.0.x and it will be impossible to jailbreak new iPhone 4/3GSes as those devices will ship with 4.1 and it will be impossible to downgrade. Existing owners should be sure to back up their SHSH blobs using Cydia or Tiny Umbrella so that you can downgrade or reinstall 4.0.x in the future, otherwise you will be trapped just like new iPhone owners. 3G owners are also encouraged to back up their SHSH blobs, as Apple is soft-signing iOS 4.x on those devices (even though the hardware can't enforce it).

    Anyhow, while I'm excited to see an iPhone 4 jailbreak, I'm a bit worried about the fact that it's another userland jailbreak. No one has successfully exploited the Apple bootrom since iBoot-359.3.2 was released last year, which is troubling. It's not possible to replicate the complete jailbreakability of the iPhone/3G without a bootrom exploit, and as iOS can quickly be updated to stamp out new userland exploits there's a distinct risk of the hackers running out of practical ways to jailbreak the platform through such limited means. Unless someone does find a new bootrom exploit, the "golden age" of jailbreaking has probably already sailed, and in the long run this is a very bad thing. The (practically) unhackable computer marches in on all fronts...
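The signing argument in the comment above can be walked through concretely. The following is an added, simplified model written for this thread, not Apple's code or the real SHSH format: a signing server issues a device-specific ticket over (device id, firmware version) only for versions it currently allows, and the device installs a firmware only with a valid ticket. Assumptions: the ticket is an HMAC under a single demo key (standing in for the real signer), the device id stands in for the ECID, and the ticket is not bound to a fresh nonce, which is exactly what makes a saved ticket replayable.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Stands in for the signer's key; constructed for this demo only.
SERVER_KEY = b"constructed-demo-signing-key"


def _ticket_message(device_id: str, version: str) -> bytes:
    # The ticket binds a firmware version to one device, but not to time.
    return f"{device_id}|{version}".encode()


class SigningServer:
    """Issues tickets only for versions it is currently willing to sign."""

    def __init__(self, allowed_versions):
        self.allowed = set(allowed_versions)

    def stop_signing(self, version: str) -> None:
        self.allowed.discard(version)

    def sign(self, device_id: str, version: str) -> Optional[bytes]:
        if version not in self.allowed:
            return None  # equivalent to "Apple stopped signing 4.0.x"
        return hmac.new(SERVER_KEY, _ticket_message(device_id, version),
                        hashlib.sha256).digest()


def device_accepts(device_id: str, version: str, ticket: Optional[bytes]) -> bool:
    """Device-side check: the ticket must match this device and this version."""
    if ticket is None:
        return False
    expected = hmac.new(SERVER_KEY, _ticket_message(device_id, version),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, ticket)


def downgrade_scenario() -> Dict[str, bool]:
    """Replays the comment's argument; returns who can still install 4.0.1."""
    server = SigningServer({"4.0.1"})
    saved_blob = server.sign("ECID-old-owner", "4.0.1")  # backed up while signed
    server.allowed.add("4.1")
    server.stop_signing("4.0.1")                         # 4.1 ships, 4.0.x unsigned
    return {
        "old_owner_replays_saved_blob":
            device_accepts("ECID-old-owner", "4.0.1", saved_blob),
        "new_owner_requests_4.0.1":
            device_accepts("ECID-new-owner", "4.0.1", server.sign("ECID-new-owner", "4.0.1")),
        "saved_blob_reused_on_other_device":
            device_accepts("ECID-new-owner", "4.0.1", saved_blob),
        "new_owner_installs_4.1":
            device_accepts("ECID-new-owner", "4.1", server.sign("ECID-new-owner", "4.1")),
    }


if __name__ == "__main__":
    for case, ok in downgrade_scenario().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Binding the ticket to a per-boot nonce is the usual fix for the replay property the model shows; without it, anyone who kept a ticket for their own device can reuse it indefinitely.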

    1. Re:Note: Userland Jailbreak, Not Bootrom Jailbreak by bemymonkey · · Score: 4, Insightful

      That's troubling on a great deal of levels. Android seems to be going the same way...

    2. Re:Note: Userland Jailbreak, Not Bootrom Jailbreak by rsmith-mac · · Score: 4, Informative

      Well yes and no. PDF was created by Adobe, but it's actually an ISO standard (ISO 32000). Adobe does tend to extend it though...

      Anyhow, it's not an Adobe plugin that's doing this. Apple writes their own PDF software, and indeed Mac OS X has had native PDF capabilities its whole life. This is a flaw in Apple's PDF handler - Adobe for once has nothing to do with this.

    3. Re:Note: Userland Jailbreak, Not Bootrom Jailbreak by Nerdfest · · Score: 5, Informative

      Android remains an open OS, but what some phone manufacturers are doing is very bad (fused ROMs, locked bootloaders). I'm hoping word spreads and people avoid those phones.

    4. Re:Note: Userland Jailbreak, Not Bootrom Jailbreak by bemymonkey · · Score: 2, Insightful

      Which manufacturers aren't doing it? The only phone that's rootable without finding some sort of vulnerability to exploit is still the Nexus One afaik ...

      The fact that Moto is the only manufacturer that's succeeded in locking the bootloader down so far that nobody's been able to crack it doesn't mean that others haven't tried. What we need is a completely user accessible operating system, similar to the PC. Something like OpenMoko or the N900, but good :p

      Unfortunately, most consumers prefer to be spoonfed whatever junk their carrier has to offer, and wouldn't dream of rooting or applying a custom ROM.

      Android is only open in that anyone can use it for their hardware. However, 99% of the hardware that's meant to run with Android is locked down. A pity, really.

  7. Facetime/MMS fixed by RandyOo · · Score: 5, Informative

    The Facetime and MMS issues were due to a permissions problem, which has already been sorted out, per planetbeing's Twitter feed.

  8. Serious security hole by wvmarle · · Score: 5, Interesting

    Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad.

    This sounds like a huge security hole. If simply visiting a web page can modify the OS of the phone, then this can surely be used for more malicious purposes. Maybe the user has to make some more clicks, but then how hard is it to social-engineer a user into doing that, and the attacker can do anything they like. Such as installing back doors, keyloggers, whatever. This I think is more than just a jailbreak: this is a root exploit in the browser. Scary, to say the least.

    The jailbreak itself may not work on other versions of iOS, but as it involves Safari I wouldn't be surprised if the root exploit itself works there as well. Binary patching of the running O/S (which is what I guess they are doing) of course works only against a specific version, minor revisions may break it, so no surprise it doesn't work for the iPad.

    This is one I have to say I hope Apple plugs quickly. It just sounds too scary to me.

  9. Re:Apple Insider? Pah! by Vectormatic · · Score: 4, Informative

    Just tried that on my iPod (which is basically iPhone 3G hardware), and loading the iPod app still takes noticeable time, rather than being instantaneous as in 3.1.3.

    I really regret upgrading to iOS 4; the only added function I can find is threaded email (of which Apple's implementation SUCKS), and I got a serious performance drop.

    --
    People, what a bunch of bastards
  10. Re:Apple Insider? Pah! by Richard_at_work · · Score: 5, Interesting

    Sod loading anything, my 3G takes a noticeable period of time to react to UI inputs, screen rotations et al when it didn't under the previous OS. iOS4 sucks for the 3G, I don't know why Apple included it in the release.

  11. Re:Apple Insider? Pah! by kdogg73 · · Score: 4, Informative

    Now, just need a fix for iOS4 being slow and shit on the iPhone 3G....

    Try doing a hard reset to the 3G phone x2. My wife's phone was unusable after the iOS4 update. This did the trick. It's worth a try.

    --
    Let's face it, most of us are scoffers. But moments before zero hour, it does not pay to take chances.
  12. Re:Apple Insider? Pah! by jimboindeutchland · · Score: 2, Insightful

    I just tried it too. I noticed a definite improvement in performance across all apps. The music app still takes forever to launch but it's better than it was with spotlight enabled. I don't think I've ever used spotlight on my iPod so disabling was a small price to pay for a bit of extra performance and probably better battery life.

    I agree with everything you've said but your post makes it sound like disabling spotlight doesn't help at all which might discourage people from trying this hack.

    --
    this post is now diamonds!
  13. Re:Apple Insider? Pah! by Vectormatic · · Score: 2, Interesting

    Hmm, I haven't noticed serious input lag, just that Safari, while loading, won't respond at all to inputs, and apps like the iPod app hang for ~5 secs when you open them.

    I hope they fix it; if they don't, however, I won't care all that much. In a few months my ancient Symbian-powered Nokia will be replaced by an HTC Android device, which will also make my iPod redundant.

    --
    People, what a bunch of bastards
  14. Re:Apple Insider? Pah! by Lumpy · · Score: 2, Insightful

    Disable the damn search junk you don't use anyway. It sped my wife's 3G up a lot.

    If there was one thing I wish the jailbreaking community would do, it is to submit a patch to remove the useless search on the iPhone.

    --
    Do not look at laser with remaining good eye.
  15. Re:Apple Insider? Pah! by Lumpy · · Score: 2, Insightful

    I do...

    iAds.

    --
    Do not look at laser with remaining good eye.
  16. And just another note... by denmarkw00t · · Score: 2, Insightful

    If you're doing this and getting the purple background of death (just hangs and doesn't install) try this:

    Method 1
    -Click Home
    -Double-click Home to bring up running apps
    -Click and hold on Safari
    -Close Safari, try again

    Method 2
    -Go to Settings->Safari
    -Clear cache, history, cookies (some reported clearing History IN Safari to work)
    -Try again

    Method 3 (only thing that worked for me)
    -Go to jailbreakme.modmyi.com instead of jailbreakme.com (just a mirror)

    3GS 4.0.1

  17. Sometimes I believe Apple puts these back doors in by line-bundle · · Score: 4, Interesting

    To have the "cutting edge" people test out new features.

  18. Re:IS news by Hal_Porter · · Score: 2, Insightful

    Ah Apple. You can have a secure browser with outrageous roaming charges or an insecure browser on which anyone can run arbitrary root code and no roaming charges.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  19. Re:Apple Insider? Pah! by crispy_one · · Score: 2, Interesting

    Tell me that Steve Jobs did not write this article... http://www.computerandvideogames.com/article.php?id=258165

    A jailbreak for the iPhone 4 has been engineered and released by hackers, meaning that dodgy users can gain access to all kinds of unofficial content.

  20. Re:Rooting is a local sploit by CharlyFoxtrot · · Score: 2, Insightful

    Good thing Android has never had a remote exploit, huh? (Oops.)
    At least Apple is very judicious about pushing out updates (and Apple users generally update very frequently), while some manufacturers send out handsets with old Android versions and don't care that much about providing their users with the latest and greatest.

    --
    If all else fails, immortality can always be assured by spectacular error.
  21. Re:Apple Insider? Pah! by nurb432 · · Score: 2, Insightful

    I don't know why Apple included it in the release.

    Damned if you do, damned if you don't.

    --
    ---- Booth was a patriot ----
  22. Re:Apple Insider? Pah! by fredmosby · · Score: 2, Insightful

    I wonder what they added that slowed it down so much. Multitasking is disabled in the 3G. As far as I can tell the new version has added folders, desktop pictures and some minor changes to the email. Yet it feels considerably slower.

  23. Re:Apple Insider? Pah! by ncc74656 · · Score: 2, Informative

    I wonder what they added that slowed it down so much. Multitasking is disabled in the 3G. As far as I can tell the new version has added folders, desktop pictures and some minor changes to the email. Yet it feels considerably slower.

    I had 4.0 running on my 3G for a couple or three weeks. I got tired of apps not starting up, extreme sluggishness, etc., so I ended up downgrading to 3.1.3. I enabled native multitasking (my phone is jailbroken), but it seemed to be less capable than the multitasking provided by Backgrounder. If I left a webpage or two open in Safari, odds were good that attempts to start other apps would fail. Even if I rebooted the phone, it'd take an interminably long time to open most apps. I had half a thought to have PwnageTool make an image with native multitasking disabled, but the final straw that sent me back to 3.1.3 was that 4.0 broke AirVideo's TV-out capability. The ability to group related apps together was nice (went from six or seven pages of apps down to just two), but iOS 4.0 caused too much other breakage for my taste.

    --
    20 January 2017: the End of an Error.