Browser-Based Jailbreak For iPhone 4 Released
WrongSizeGlass writes "Apple Insider is reporting on a browser-based 'jailbreak' for iPhone 4. Hackers on Sunday released the first 'jailbreak' for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad. Some users have reported that the modification results in broken MMS and FaceTime functionality. This jailbreak does not work on iPads running iOS 3.2.1."
This made the BBC news website front page - http://www.bbc.co.uk/news/technology-10836692
Now, just need a fix for iOS4 being slow and shit on the iPhone 3G....
If a website can run unauthorized code by just visiting a page, does the jailbreak "inoculate" against the exploit it uses?
Or would Apple's fix for the bug also break the jailbreak? (They'll do that, I guess.)
Quidquid latine dictum sit, altum videtur
Isn't this a very large gaping security issue? I would assume it's much worse than the Android one where you had to trick the user into installing a kernel module manually.
HTTP/1.1 400
You have a remote rootkit running from simply visiting a website?
Wasn't it just yesterday or the day before we called rooting your Android (which has to be tethered), erasing your old operating system, and installing a new "custom" one with a rootkit installed on it which allows remote activation of root an attack vector (note that even a rooted Android device can't get outside the Dalvik VM)?
I'm certain, absolutely certain that there will be no abuses of this. There will not be any nefarious person with a "must have" app that is so good that the app store refused it and all you have to do are these easy steps right here on this web page! No, never happen - users would *never* be stupid enough to run things from a website - this is a great feature!
------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
Just as a heads up to anyone thinking of buying and/or jailbreaking an iPhone 4, keep in mind that this is a userland jailbreak (like Spirit) and not a bootrom jailbreak like 24Kpwn. This is significant because this jailbreak only works on iOS versions with the vulnerable component, which means that Apple can and surely will patch it out in 4.1. This is also why Apple is signing their firmware: once they do release 4.1 they'll stop signing 4.0.x and it will be impossible to jailbreak new iPhone 4/3GSes as those devices will ship with 4.1 and it will be impossible to downgrade. Existing owners should be sure to back up their SHSH blobs using Cydia or Tiny Umbrella so that you can downgrade or reinstall 4.0.x in the future, otherwise you will be trapped just like new iPhone owners. 3G owners are also encouraged to back up their SHSH blobs, as Apple is soft-signing iOS 4.x on those devices (even though the hardware can't enforce it).
Anyhow, while I'm excited to see an iPhone 4 jailbreak, I'm a bit worried about the fact that it's another userland jailbreak. No one has successfully exploited the Apple bootrom since iBoot-359.3.2 was released last year, which is troubling. It's not possible to replicate the complete jailbreakability of the iPhone/3G without a bootrom exploit, and as iOS can quickly be updated to stamp out new userland exploits there's a distinct risk of the hackers running out of practical ways to jailbreak the platform through such limited means. Unless someone does find a new bootrom exploit, the "golden age" of jailbreaking has probably already sailed, and in the long run this is a very bad thing. The (practically) unhackable computer marches in on all fronts...
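The signing argument in the post above, as an added illustration that is not from the original thread or from Apple: a toy model in which a vendor signing service only signs firmware versions it currently accepts, and a device only installs firmware carrying a valid signature. The HMAC key, the `device_id` binding of each blob and the version strings are constructed assumptions for the model, not Apple's actual SHSH scheme; what it shows is why a blob saved while 4.0.x was still being signed keeps working on that device after the server moves on to 4.1.

```python
import hashlib
import hmac

# Constructed stand-in for the vendor's signing secret (assumption: a real scheme
# would use an asymmetric key; HMAC keeps the model short).
SIGNING_KEY = b"constructed-vendor-signing-key"


def _message(device_id: str, version: str) -> bytes:
    # Assumption: each signature is bound to one device and one firmware version.
    return f"{device_id}:{version}".encode()


class SigningServer:
    """Models the vendor signing service: signs only versions it currently accepts."""

    def __init__(self, accepted_versions):
        self.accepted = set(accepted_versions)

    def stop_signing(self, version: str) -> None:
        self.accepted.discard(version)

    def sign(self, device_id: str, version: str):
        if version not in self.accepted:
            return None  # the server refuses to sign a version it no longer offers
        sig = hmac.new(SIGNING_KEY, _message(device_id, version), hashlib.sha256).hexdigest()
        return {"device_id": device_id, "version": version, "sig": sig}


def verify_blob(device_id: str, version: str, blob) -> bool:
    """Device-side check: install only firmware whose signature matches this device and version."""
    if blob is None or blob["device_id"] != device_id or blob["version"] != version:
        return False
    expected = hmac.new(SIGNING_KEY, _message(device_id, version), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, blob["sig"])


def scenario() -> dict:
    """Walks through the post's argument: back up the blob while 4.0.1 is still signed."""
    server = SigningServer(["4.0.1"])
    saved = server.sign("device-A", "4.0.1")  # owner saves the blob now
    server.accepted.add("4.1")
    server.stop_signing("4.0.1")  # vendor ships 4.1 and stops signing 4.0.x
    return {
        "fresh_request_for_4_0_1": verify_blob("device-A", "4.0.1", server.sign("device-A", "4.0.1")),
        "saved_blob_same_device": verify_blob("device-A", "4.0.1", saved),
        "saved_blob_other_device": verify_blob("device-B", "4.0.1", saved),
        "saved_blob_wrong_version": verify_blob("device-A", "4.1", saved),
    }
```

Only the saved blob on the device it was issued for still verifies once the server stops signing 4.0.1, which is the whole reason the post tells owners to back theirs up.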
The FaceTime and MMS issues were due to a permissions problem, which has already been sorted out, per planetbeing's Twitter feed.
Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad.
This sounds like a huge security hole. If simply visiting a web page can modify the OS of the phone, then this can surely be used for more malicious purposes. Maybe the user has to make some more clicks but then how hard is it to social engineer a user into doing that, and the attacker can do anything they like. Such as installing back doors, keyloggers, whatever. This I think is more than just a jailbreak: this is a root exploit in the browser. Scary, to say the least.
The jailbreak itself may not work on other versions of iOS, but as it involves Safari I wouldn't be surprised if the root exploit itself works there as well. Binary patching of the running OS (which is what I guess they are doing) of course works only against a specific version, and minor revisions may break it, so it's no surprise it doesn't work for the iPad.
This is one I have to say I hope Apple plugs quickly. It just sounds too scary to me.
Sod loading anything, my 3G takes a noticeable period of time to react to UI inputs, screen rotations et al. when it didn't under the previous OS. iOS4 sucks for the 3G; I don't know why Apple included it in the release.