Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Outs Anti-Jailbreak Update

Posted by CmdrTaco on from the longer-than-i'd-expect dept.

Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."

6 of 429 comments (clear)

  1. Re:Why does the submitter see this as a bad thing? by EricTheRed · · Score: 5, Interesting

    If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.

    That's true. Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.

    Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.

    So although this says it's anti-jailbreak, that's just secondary - it was one hell of a hole in the first place.

    --
    Java gaming nut - http://www.retep.org/ or for the rail http://uktra.in/
  2. Re:Why does the submitter see this as a bad thing? by oztiks · · Score: 4, Interesting

    This exploit is the least of their problems ... http://www.sbsfaq.com/?p=2165

  3. Re:Why does the submitter see this as a bad thing? by Anonymous Coward · · Score: 4, Interesting

    I thought android phones needed to be "rooted". Double standard much?

  4. Re:No update for older iPhone and iPod Touch... by marcansoft · · Score: 4, Interesting

    Yup, already out for testing.

    Thu Aug 12 15:20:25 unknown MobileSafari[421] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/PDFPatch_CVE-2010-1797.dylib
    [...]
    Thu Aug 12 15:20:56 unknown MobileSafari[421] : Prevented PDF Exploit
    Thu Aug 12 15:20:56 unknown MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.
    Thu Aug 12 15:20:56 unknown UIKitApplication:com.apple.mobilesafari[0xc4c][421] : Thu Aug 12 15:20:56 iphone MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.

    And suddenly jailbreaking is the smart security option for all the users that Apple left behind.

  5. Re:Why does the submitter see this as a bad thing? by delinear · · Score: 4, Interesting

    Android phones only need to be rooted if you're doing something that requires root access - for everything else running unsigned (i.e. third party, non-market) apps is simply a matter of unchecking a box in the settings, so no, it's not quite the same thing (as you'd know if you had ever tried to send an MP3 via bluetooth from an Android phone to an iPhone, for instance - they both have this ability but only one allows you to do it without rooting the device).

  6. Re:Why does the submitter see this as a bad thing? by mlts · · Score: 4, Interesting

    A rooted Android phone is almost always still decently secure, and usually the rooting process involves something with adb, something a Dalvik VM app will be hard pressed to get unless it asks for permissions.

    Say a piece of malware gets downloaded from Google's Marketplace. The su app pops up asking, "hey, the Vomitron Toaster app wants root privs?" Anyone with a clue is going to tick "no" and "remember this decision". In a couple hours after the app gets flagged, Google fires off the kill switch and the app gets zapped from the store and phones.

    Rooting gives one more functionality, but it doesn't significantly add functionality to a device like an IOS JB does.

    Here is the funny thing. If I want a command line shell to do stuff on a phone, Android is easy -- download a terminal app. The iPhone, I need to do the following:

    1: JB the device.
    2: Hunt down "MobileTerminal 426", the Debian package.
    3: Get on a wireless network.
    4: Enable OpenSSH.
    5: ssh into phone, change root and mobile password to something respectable (20+ characters.)
    6: scp the Debian package and install it.
    7: Install sudo from Cydia and configure it so I don't need to type in the insanely long password when I want root access.
    8: Edit /etc/sshd/sshd_config to only allow access via RSA key, and disallow root access.
    9: Make sure the sshd is turned off in SBSettings unless it is needed. It will turn back on after a reboot.

    All this so I can have full command line access to my iPhone and a method of copying files to and from the filesystem without restriction. The reason why I do the gymnastics with sshd as opposed to uninstalling it is so I can sftp in.

    To boot, the only command line terminal app [1] that works on the iPhone (the Terminal app in Cydia is not iOS4 compatible and crashes on startup) doesn't seem to have the ability to do control keys other than control-C. Of course, I wonder if I can just use a normal app and ssh to loopback, but so far, that hasn't worked unless the device is on a Wi-Fi network.

    Personally, if someone can make a good terminal emulator and put it on Cydia, I'd pay $5-$10 for it. Especially if it has an easy mechanism for doing control and meta keys, so if I feel insane enough to run emacs, I can.

    [1]: A true terminal app that uses a shell and such. There are apps for ssh and such, but those don't have access to the whole phone's filesystem, and I doubt they would get approved if they had the ability to do so.