Slashdot Mirror
iOS 4.3.4 Prevents Hacking and Jailbreaking
Mightee writes "Apple has released a software update to iOS, version 4.3.4, for the iPhone 4, 3GS, iPad 2, 1, and iPod Touch. The main objective of this version is to prevent the hacking in Apple iOS devices which occurs through malicious PDF files. Another objective is to prevent the jailbreaking which occurs as a consequence of the previous effect. In previous versions, the iOS device is easily vulnerable to attacks. It happens because of mishandling of fonts embedded in the PDF file. Sometimes a downloaded PDF may be malicious, and there is a possibility that the file could inject malware into the iOS device, which gives a chance for the hackers to access the hardware of the iOS device."
We'll get a bigger stick. [CHALLENGE ACCEPTED]
It sounds like a computer wrote it. Yes, Apple patched the flaw and added some extra checks to prevent that method from working again. Like most other post-jailbreak patches.
it's been jailbroken: http://gizmodo.com/5821905/ios-434-has-been-jailbroken
"The main objective of this version is to prevent the hacking in Apple iOS devices which occurs through malicious pdf file. "
Right - they aren't addressing a major security vulnerability. They just want to rain on your jailbreak parade.
iOS 5 will automatically detect and correct problems with your sentence structure that unfortunately turn people against you!
In other news, pdf's may cause iOS devices to use the word "device" at least five times in a slashdot article.
Yeah, let me know how that works out for you...
They only closed the PDF vulnerability, not any of the boot/kernel holes we've been using for a long while. And honestly using an active remote code execution vuln to jailbreak your device is like firing a rocket at your house because you forgot your keys.
What a shitty summary and article. Seems like both were written by retarded 4th graders.
Its as if this update solved all problems and will solve all problems in the future.
"iOS 4.3.4 solves known pdf exploits"
Would have made sense.
None of this "Prevents Hacking and Jailbreaking" nonsense.
I'll give them a week and a half of being unjailbreakable... Its going to happen
I know how they can keep the hardware out of the hands of hackers. They should just sell an empty shell with the apple logo on it. It will still sell great!
I'm a good cook. I'm a fantastic eater. - Steven Brust
... is TFS linking to some obscure blog written in poor English with little details and no references?
iOS device can do this. iOS device can do that. The iOS device does stuff when the iOS device is used to do stuff. The main objective of the iOS device is to iOS device the iOS device. Another object is to iOS device. In previous versions, iOS device. It happens because of iOS device. It is common to iOS device. Sometimes the iOS device is an iOS device.
If Microsoft had a successful media market so that anyone hacking the OS would also have access to copy & distribute all the digital media on the system, we would have not to wait years to fix serious flaws in the system. No wonder companies see the iPhone as the first candidate for corporate smartphones today. The media content makes it more secure than their own network.
no sig
Anyone with an iDevice reading this, please go backup your 4.3.3 SHSH file right now. Even if you don't think you'll ever jailbreak, please do it as an insurance measure. It's as simple as downloading a program (TinyUmbrella), connecting your phone to the computer, and clicking a button. Behind the scenes it's saving Apple's magic "approval" that allows you to restore your device to the fully-hacked 4.3.3 firmware. In the next few days, Apple is likely to stop signing restore requests for anything except 4.3.4.
It's not that I expect most people to actively *want* to downgrade their firmware in the future. I just like having the *option* to do so. For instance, right now I could restore my iPhone to iOS version 3.1.3 if I wanted to, even though Apple stopped allowing restores to that version years ago.
no but the title is sensationalist at best.
As a few others mentioned, Apple has only closed the most obvious hole that hackers have been using to jailbreak the device. There are probably others, and they have been/will be found. If theres anything that we've learned over the past year or so its that you shouldnt rattle the cage. Im not saying that anyone will go about breaking iTMS and exposing the infos of Apple's userbase, but who knows....
If anything this will serve as a good pentest for future releases. Apple has known about the pdf exploit for quite some time and hasnt completely closed it, so people were able to get comfortable knowing their exploit could work with a bit of tweaking. This will get them off their asses and hunting for new ways to break free of he walled garden once again.
What a BOLD headline.
Who wants to bet it is completely false?
I'll try anything once. Twice if it tastes good
Actually, it's just a tethered jailbreak, meaning you have to connect your device to your computer every time you want to restart it.
I have an iPhone, I've not restarted it more than once between revisions of the O.S. (which force a restart). To me the need to tether on reboot is incredibly minor.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If you have a functioning, pre 4.3.4 iOS, even if Apple has stopped signing it.
http://ih8sn0w.com/index.php/products/view/ifaith.snow
Apple's helped the smartphone market explode, unfortunately they've brought along and prop up so many things criticized on Slashdot that they're an easy target.
Do you remember when, not so long ago, Apple was popular among Slashdotters? Back when their primary focus was on computers and not appliances? It's almost amazing thinking about that now.
It would be interesting if there were some way to plot the volume of comments about Apple over the years that have been positive and negative with their corresponding moderation totals. I can't think of any topic that has gone from overwhelmingly positive to overwhelmingly negative in the past six or seven years.
it's been jailbroken: http://gizmodo.com/5821905/ios-434-has-been-jailbroken
Well, of course... Contingencies are planned for. No one thinks that the "security researchers" looking for exploits to enable jailbreaking just stop looking for exploit vectors once they have root access, do they?
IMHO, Mobile device/OS manufacturers should just give their customers (the end users, not the service providers) root access in an "advanced" menu option... Otherwise it's just a matter of time before some of the "jailbreakers" turn into malware authors...
Don't get me wrong; Including a "Got Root?" option wouldn't keep everyone from searching for exploits, but it would remove a current major motivating factor.
Did you know that due to copyright restrictions of software & games bored Bulgarians began to reverse engineer and crack them. Thus at one point in the 90's Bulgaria was the malware capitol of the world -- Responsible for the most and best of all viruses worldwide.
A similar thing happened for bootleggers of older games for Apple, Amiga, Commodore, and other PCs. In fact, the cracks were rated among their peers according to the duration between a game's release and it's crack date eg: Software cracked only 6 weeks after release was rated as a "42-day crack". It was a competition to the hackers, and sometimes they got a hold of pre-releases just to crack them. If the software was exploited on or before its retail release it was the coveted best rating -- A "Zero-Day" crack!... Somehow the term has changed meaning a bit over the years, along with the term "hacker"; C'est la vie.
Accelerated escape from control due to more constriction. You see this sort of thing happening again and again, it applies to just about everything...
The more you tighten your grip, Tarkin, the faster the spunk will escape from your... fingers.
iOS - Designed for intelligence gatherers:
Has all kinds of other "hidden data" candy
And yet, my business still uses it as the defacto standard because they're puuuuuuuurty.
Personally, I like to show off to The Man, so I continue to not care that much myself, but if I actually had some important job that was life/death to people, yea I wouldn't use an iPhone for work business.
iOS 4.3 is still nowhere to be found, so the CDMA iPhone moves all the way up from 4.2.8 to 4.2.9.
Yes, Apple doesn't like jailbreaking, but it would be stupid of them to not patch the flaw now that it's discovered. It would be nice if they were to provide a sanctioned means to jailbreak the device, but that's another matter. If I wanted a device this open, I'd figure out which Android phone was most hackable and buy that.... and put up with the inferior user interface. As it turns out, I HATE inferior user interfaces, which is why I avoid things like Linux and Windows desktops and which is why I bought an iPhone. For all of the things that are commonly done with a smartphone, the iPhone works great without any fuss (AT&T's flaky network aside). I'm content to stay within this walled garden, because although there are a FEW things I might want to do that I cannot, I don't have to put up with any bullshit to do everything else.
And let me be clear that this comment from yours truly is coming from a semi-well-known open hardware designer. For me, hacking someone else's hardware is often just too frustrating and limiting. I would much rather design something new that's open to begin with and does specifically what I want.
And you may also find it interesting that, as a hardware designer, I have somewhat of a different take on the whole Free Software thing. To me, software is often a just lot of bullshit required to make the hardware work. I care a bit more about the software being stable and easy to use than about it always being open source. On the other hand, although I'm willing to tollerate closed hardware when it suits me (indeed, the vast majority of computer hardware is closed-design), I find it much more desirable to design circuitry that other people can learn from, repurpose, and reprogram as they see fit. To turn this into a proper analogy, look at all this from the perspective of the mechanical engineer. He doesn't care about circuits OR software. But he hates it when machines he buys don't come with blueprints.
Hackers who are pro-jailbreaking are also the most security conscious and they actually support Apple's exploit patching. All the whining is about Apple not supporting an official jailbreak method, not that Apple is making jailbreaking harder.
You probably use 15 electronic devices a day which have microprocessors capable of running arbitrary code but which the manufacturer prevents you from easily running arbitrary code. Why is Apple the bad guy? They are not the first ones to ever make a locked down device.
I find it difficult to believe that anyone is buying the iPhone has a better ui than Android. Where are the iPhone widgets? Seriously though there is little to nothing in it,
I find it impossible to belive that as a hardware designer(sic) you even talk about the iPhone a device from a hardware perspective is a year and a half out of date, with a known hardware flaw.
I find it incredible that you don't understand that both Android and iOS have FOSS origins, and have benefited in different ways. What is relevant perhaps is as a USER should Apple follow the spirit of the BSD License.
:
Personally I'll be buying the phone with the best software/hardware/Open...and that isn't an iPhone
I know that the /. pseudo-nerd crowd loves nothing more than an opportunity to bash Apple, but all what Apple did here was patching a remote root exploit out in the wild. There's nothing wrong with patching that. Really.
This exploit was also used for the last jailbreak, so this jailbreak is now broken. Tough luck, but a totally different thing. Complain about Apple as much as you want, but please don't complain about them patching such exploits.
There is something very different from making a non-general purpose device, and making a general purpose device but locking it down. Sure, my washing machine has a small CPU and such in it. In theory it could be set to do other things (in practice I imagine the firmware can't be changed as it is not field updatable). However that is not its purpose. Its purpose it to wash clothes. The reason it has a CPU is to control various facets of its operation. As such no provision is made for advanced access. It's controls are simple, to make it easy to operate, its display just reads out time and cycle information, any of the CPU's IO ports are connected to sensors, and so on.
They took no steps to restrict my use of it, it just isn't designed for general purpose use. It has a dedicated function.
My smartphone, on the other hand, is the opposite. They went out of their way to make it a general purpose device. It has a powerful CPU and lots of RAM, its storage is all flash so it can be rewritten. It has a large, high resolution, touch display so it can generate arbitrary images and accept arbitrary input. Hell most of the hardware in it is outside of its specialized use, which is to make phone calls. The device was designed as a computer, to allow me to do what I wish on it.
Any restrictions past that are therefore artificial, things the manufacturer or carrier has chosen to impose because they don't want me to do something for whatever reason. The device has all hardware needed and was designed to be general purpose, the locks are all specially added.
That's the difference. If you are going to defend Apple's stuff by the same token you are ok with (and should defend) any DRM on videogames, or Blu-rays or so on. Ay time a company tries to artificially restrict what you can do, that is ok.
Plus in Apple's case it very much is a case like media DRM. Apple doesn't want competition for things like app and media sales, they want to run all that. Maybe users aren't so interested in that idea, maybe they want choice, which I should note Android allows non-rooted.
I'm not happy when a company decides to lock me down for no good reason. So I don't mind that my washing machine is just a washing machine. I also don't mind that when it is in operation there is a non-defeatable door lock, that is for safety. However I'd mind if it told me I couldn't wash my clothes after 10pm, not because of a limitation on its design, but because there was code to stop it for some reason.
Another objective is to prevent the jailbreaking
[citation needed]
Seriously this is as void of thought as anything CNN would have posted. Every new release of IOS stops the previous jailbreak from working where possible. Some devices can be pwned forever. Get with it and stop being like the sensational blogs.
I have an iPhone 3G. It is 2 years old, is still covered under an extended service contract and warranty and Apple has stopped releasing IOS updates for it. So why would anyone want to continue purchasing Apple's phones? They won't even continue to support your device through its warranty and support planes.
... it also improves minigolf scores! ... and whitens your whites. ... and One Other Thing.
i decided not to upgrade for this one - still no good updates on 4.3.4
iphone ÐÐÑÑ