Slashdot Mirror


Two Unpatched Flaws Show Up In Apple iOS

Trailrunner7 writes "The technique that the Jailbreakme.com Web site is using to bypass the iPhone's security mechanisms and enable users to run unapproved apps on their phones involves exploiting two separate vulnerabilities. One of the vulnerabilities is a memory-corruption flaw that affects the way that Apple's mobile devices, including the iPad and iPod Touch, display PDFs. The second weakness is a problem in the Apple iOS kernel that gives an attacker higher privileges once his code is on a targeted device, enabling him to break out of the iOS sandbox. The combination of the two vulnerabilities — both of which are unpatched at the moment — gives an attacker the ability to run remote code on the device and evade the security protections on the iPhone, iPad or iPod Touch. The technique became public earlier this week when the Jailbreakme.com site began hosting a set of specially crafted PDF files designed to help users jailbreak their Apple devices and load apps other than the ones approved by Apple and offered in its official App Store."

2 of 171 comments

  1. Flaw? by nurb432 · Score: 0, Troll

    Or feature?

    Since it's allowed many of us to jailbreak our devices, I'd say it's a feature. But one they will want to patch to prevent it. Too bad if we don't, we are vulnerable to legitimate attacks.

    Now that the feds have officially said we can do this without any legal repercussions (well, duh...), why can't Apple just open it up with a disclaimer "yes, here is the unlock code, but if you use it, you void your warranty" then track who uses their code (a unique key per device). That way users can have a choice, without relying on bugs.

    --
    ---- Booth was a patriot ----
  2. "Real PC user experience", as requested by Anonymous Coward · Score: 0, Troll

    Everyone here clearly doesn't appreciate the immense effort that Apple has expended to bring people the "real PC user experience" on their phones, just like all the butthurt Android fantards keep whining about. Now you can enjoy "real PC features" like losing 10% of battery life to ineffective but performance-sapping virus scanners!