Slashdot Mirror
Apple Outs Anti-Jailbreak Update
Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
I appreciate jailbreaking, but security is more important. What about older devices? Maybe McAfee or Symantec will have a solution.
There are a million of them. Why not buy one you don't have to jailbreak?
Bet it'd be cheaper too.
Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".
Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway" -Andrew Tanenbaum
This is a massively publicized remote exploit. That is the most critical sort of security issue for an operating system. There is nothing strange about them prioritizing it.
Nerd rage is the funniest rage.
Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
I wouldn't be jailbreaking my iPhone if there was a way to remove SIM lock. Right now Apple & AT&T has forced me into a situation where AT&T won't provide unlock code (asks to go some unlock shop and pay for the unlock) and Apple doesn't really care. Only option is to jailbreak to get blacksn0w running.
If Steve/government (in many countries in Europe it is mandated that after contract period unlock key is given) would force AT&T to provide unlock codes for everyone out of contract then most of the jailbreaking business would go away.
It's amazing that slashdot can spin this as anything other than a good thing. Bottom line – the phone had a serious security vulnerability that allowed people to brick/use the phone for various nefarious tasks. Apple fixed it, spinning this as anything other than an important bug fix is downright irresponsible.
In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."
It isn't just anti-jailbreak, it's patching a pretty serious security flaw.
What basic functionality?
Tethering? The phone already does that, without jailbreaking. Installing non-app store apps? I wouldn't call that basic - the phone is just not designed and promoted to work that way (ie, if you want to do other things with it, you're moving away from 'basic' and into 'unsupported, potentially advanced' functions).
The biggest reason I've seen for jailbreaking my phone (although I haven't done so) is to enable use of the phone as an AP, rather than having to tether to my Powerbook and then share my wifit that way, but the number of times I've needed to share my connection when there's been nothing but 3G access is limited. Either way, that's hardly basic functionality.
I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.
I agree that this exploit has been spun the wrong way - as a positive thing to enable easy jailbreaking. Any security hole is never a positive thing, regardless of the beneficial things you can do with it. I'm glad it has been addressed, although I am hoping it will also be fixed for users of 2G and 3G iPhones who haven;t upgraded to iOS4.
You do realize that the iPhone does tethering, but AT&T charges $20 to enable it? That is a carrier restriction, not an Apple restriction.
Shame you posted this anonymously, it's currently sitting at 0, Insightful. Can we stop this iPhone doublethink when it comes to security holes? This is a remote root hole. Someone can gain root on an iPhone just by making the owner visit a malicious web page. Fixing this hole is not a conspiracy to stop people jailbreaking their phones, it's a fix for a serious hole. Criticise Apple all you like for shipping the hole in the first place or for the time taken to provide the fix, but don't criticise them for addressing a serious vulnerability.
I am TheRaven on Soylent News
We paid for the phone, we should be able to use it how we see fit.
Actually, no, you didn't pay for the phone, at least not all of it. You paid $200, and AT&T paid more to Apple as a subsidy.
It's still a sale and not a lease. They fact that the sale price is subsidized via the sale of another product (2 year service contract) does not make it any less of a sale. If you buy a burrito and a bag of chips, the drink is only 25 cents. If you apply for a Macy's credit card, you get additional 40% off your purchase.
I'm sure I'm in the /. minority on this, but I really don't see the big deal about getting an unlocked phone in the US. They're not currently available from Apple, but if they were they'd cost about $600, based on what they sell for in Canada, and you're not entitled to have the iPhone you paid $200 for (subsidized) unlocked, so some questions:
You are confusing subsidized vs unlocked. They are 2 different things. I thought you could already get it unsubsidized, but not unlocked (at least in the U.S.).
Why would I want any "smartphone" without a data plan? What's the point? If that was my goal I'd go back to an iPod and a cheap Nokia
I don't know why you would want it, but that's not the point. One could still use it as a Wifi device with VoIP capabilities, etc. You may want to use it on T-Mobile, or get a plan from Canada, or sell it / give it to someone else from another country.
The only other carrier in the US is T-Mobile, but apparently they use some different frequencies and not everything works right, so I need AT&T anyway.
No you don't - 3G frequencies are different. Voice and 2G are the same.
Since I need a dataplan ($15 or $25 a month from AT&T), why would I pay $400 more for the unlocked phone, which amortized over 24 months is $16.67 a month?
Again, you are confusing subsidized vs unlocked.
The sense of entitlement by a lot of people is becoming increasingly disturbing. You want the iPhone 4 unlocked, but you don't (I assume) want to pay the full price for it, and you want the government to step in and tell AT&T / Apple to unlock a subsidized phone. Whatever. You are not entitled to an unlocked iPhone for $200.
Besides the "entitlement" argument, I agree with your point there - I am not convinced the government should step in.
I pay AT&T $200 and sign a 2 year contract ($~75/month). It is not $200 only, the cost is amortized over the period of the contract.
I cannot break that contract without legal recourse from AT&T. Why does AT&T have additional entitlement?
If I want/need to move to another carrier, I should be able to do so by paying the surrender value for the remainder of the contract, and take my working phone and my number to another carrier of my choice.
AT&T looses nothing, unless, they expect that the user will fork out additional funds. If there is sense of entitlement it is not with most users, but with AT&T.