Slashdot Mirror
iOS 4.3.4 Prevents Hacking and Jailbreaking
Mightee writes "Apple has released a software update to iOS, version 4.3.4, for the iPhone 4, 3GS, iPad 2, 1, and iPod Touch. The main objective of this version is to prevent the hacking in Apple iOS devices which occurs through malicious PDF files. Another objective is to prevent the jailbreaking which occurs as a consequence of the previous effect. In previous versions, the iOS device is easily vulnerable to attacks. It happens because of mishandling of fonts embedded in the PDF file. Sometimes a downloaded PDF may be malicious, and there is a possibility that the file could inject malware into the iOS device, which gives a chance for the hackers to access the hardware of the iOS device."
The grammar isn't good enough for it to be auto-generated.
it's been jailbroken: http://gizmodo.com/5821905/ios-434-has-been-jailbroken
Yup! So keep making those hostile devices, Apple, we'll keep buying them (like fools!)
Its as if this update solved all problems and will solve all problems in the future.
"iOS 4.3.4 solves known pdf exploits"
Would have made sense.
None of this "Prevents Hacking and Jailbreaking" nonsense.
Yeah, sure, I want any random website to be able to root my phone. That's exactly what jailbreakme.com does and it could do it without my permission just by visiting the site if the authors wanted to do it. Yes, this is a MAJOR security vulnerability, even if it is currently only being used for good and not evil.
Anyone with an iDevice reading this, please go backup your 4.3.3 SHSH file right now. Even if you don't think you'll ever jailbreak, please do it as an insurance measure. It's as simple as downloading a program (TinyUmbrella), connecting your phone to the computer, and clicking a button. Behind the scenes it's saving Apple's magic "approval" that allows you to restore your device to the fully-hacked 4.3.3 firmware. In the next few days, Apple is likely to stop signing restore requests for anything except 4.3.4.
It's not that I expect most people to actively *want* to downgrade their firmware in the future. I just like having the *option* to do so. For instance, right now I could restore my iPhone to iOS version 3.1.3 if I wanted to, even though Apple stopped allowing restores to that version years ago.
no but the title is sensationalist at best.
As a few others mentioned, Apple has only closed the most obvious hole that hackers have been using to jailbreak the device. There are probably others, and they have been/will be found. If theres anything that we've learned over the past year or so its that you shouldnt rattle the cage. Im not saying that anyone will go about breaking iTMS and exposing the infos of Apple's userbase, but who knows....
If anything this will serve as a good pentest for future releases. Apple has known about the pdf exploit for quite some time and hasnt completely closed it, so people were able to get comfortable knowing their exploit could work with a bit of tweaking. This will get them off their asses and hunting for new ways to break free of he walled garden once again.
like all those Blackberry and some Android devices?
Sure, not like I own one of those either.
I love it when people conveniently forget the other guilty parties when engaging in AppleHate(tm)
Apple is the biggest pusher of every concept that's ever been criticized on Slashdot. They're simply the easiest example, so stop whining.
I'm with you, why does Apple care about protecting users from malicious access!?
Like anyone can even know that
I suspect it was because no one really cared, and were seen as business devices bought by companies for their employees for the most part. I also don't believe they restricted you from sideloading software unless an IT policy was put in place.
Apple's helped the smartphone market explode, unfortunately they've brought along and prop up so many things criticized on Slashdot that they're an easy target.
Name one legitimate reason to want to jailbreak your phone now days.
Ownership. No other reason is necessary.
I regret buying an iphone and wish I had bought an Android Phone. It has become glaringly obvious that you just get a lot more for your money in comparison (including phone features and programs).
Apple's helped the smartphone market explode, unfortunately they've brought along and prop up so many things criticized on Slashdot that they're an easy target.
Do you remember when, not so long ago, Apple was popular among Slashdotters? Back when their primary focus was on computers and not appliances? It's almost amazing thinking about that now.
It would be interesting if there were some way to plot the volume of comments about Apple over the years that have been positive and negative with their corresponding moderation totals. I can't think of any topic that has gone from overwhelmingly positive to overwhelmingly negative in the past six or seven years.
...some Android devices?
Now if only that was "some iOS devices". Choice rocks, doesn't it?
Apple users call choice FRAGMENTATION
"Sure, the boys in Steve's lab can make it hack-proof. But that don't mean we ain't gonna hack it.". All we need now is someone to come out with a jailbreak that depends on the success of a plumbing minigame and we're in business!
Seriously why don't folks just accept if you want Steve's toys you have to play with them Steve's way? If you want freedom to do what you want with YOUR device you do NOT want an Apple iShiny, what you want is this little thing called an Android. Hell even the WinPhone is more open last I checked, as they made it butt simple to load third party apps.
Not to say old Steve don't make good gear, hell the man is famous for cutting out the bullshit and making things simple that "just work". But surely by now everyone has to know Steve has always been a control freak, going back to that Apple that would overheat because Steve hated the sound of fans.
Apple will ALWAYS be the most locked down walled garden approach, that is how Steve makes sure things are just the way he likes it, and as a side effect it'll make it so Apple doesn't have to worry about malware without actually hardening the OS, just make it so only pre-approved apps run and there you go. If that doesn't appeal to you? Get Android or WinPhone or WebOS devices, it isn't like there isn't plenty of choices out there.
I just don't get why people would pay for the Apple markup only to turn right around and look for ways to break into the thing. it just seems like a lot of work when there are plenty of other choices. Vote with your wallets people, if design and simplicity matters? Buy Apple. If being able to control your device and do as you please matters to you? Get something else. Why is that so hard?
ACs don't waste your time replying, your posts are never seen by me.
like all those Blackberry and some Android devices?
Sure, not like I own one of those either.
I love it when people conveniently forget the other guilty parties when engaging in AppleHate(tm)
Apple is the biggest pusher of every concept that's ever been criticized on Slashdot. They're simply the easiest example, so stop whining.
No, the problem is Slashdot goes full retard with regards to Apple. "Steve Jobs wants to control you", "if you jailbreak, you live in fear or going to jail", "iPad is just a toy, and will fail", "Android is beating iOS", "*Apple* has a secret kill switch that you must fear" (although so does Google, and unlike Apple, Google has actually *used* theirs, man times!), "Apple is anti-consumer" (reality: The consumer is Apple's customer, and the consumer is Google's product), "Apple is going to turn you in for piracy if you use iCloud".
No, the problem isn't that Apple is the "biggest pusher of every concept that's ever been criticized on Slashdot" (like, open source software? Open standards?), nor is the problem that "they're simply the easiest example". The problem is that Slashdot nerds are extremely simplistic. If you do *one thing* they don't like, you're evil, no appeal go directly to the 'we hate you' category.
People wouldn't be loud about Apple patching security holes if those same holes weren't necessary for jailbreaks. I suspect people wouldn't say a thing if there were other, legitimate means of getting the same level of access.
By "people", you do understand you really mean "small subset of nerds", right? *People* just simply aren't giving a shit about this. That's why there's such disparity between comments on Slashdot and Apple's success in the market.
You (as someone that jailbreaks) are as much Apple's enemy as any potential malware vendor, however.
Bullshit. Not a single jailbreaking end-user is "Apple's enemy". *Maybe* the handful of people writing the jailbreaks are, but even that's dubious.
This is the problem I pointed out to you in another post. Slashdotters are notoriously irrational about these types of things. There's nothing wrong with disliking Apple or how they manage their products, but the way many of you here respond to Apple, it's less reasonable than the so-called "fanboys" many of you call anyone who doesn't share your opinions.
Ahh, so *you* dont do something, therefore nobody in the rest of the world needs to either?
Oh, I'm sure you Android owners have to all the time...
You walked right into that one. Fail.
But seriously the article was about iPhones and they simply hardly ever need resetting (except as I said for system updates). For a long time tethered jailbreaks were all people had and it didn't stop a few million people from doing so anyway... many of them not very technical users.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You probably use 15 electronic devices a day which have microprocessors capable of running arbitrary code but which the manufacturer prevents you from easily running arbitrary code. Why is Apple the bad guy? They are not the first ones to ever make a locked down device.
going back to that Apple that would overheat because Steve hated the sound of fans.
The G4 Cube only overheated if you covered the vents. Admittedly, putting the only vents on the top of the computer, which was a flat and a seemingly prime spot to set something down, was a minor oversight on their part. And by minor, I mean the opposite.
Still, that particular mistake is not as bad as when Microsoft forgot that people have carpet in their homes, which led to the original line of Xbox consoles having unexpected errors and shutdowns as a result of overheating whenever the power brick was placed directly on carpet. Really though, Apple's error with that particular model was the exorbitant price for the specs it offered. It really was a case of them charging a premium for no reason other than design, and the Cube was a flop because of it. They finally got the price, design, and specs to a better place later on, however, which is where the Mac mini came from, and Microsoft was quick to handle the power brick issue, so at least they've both learned from their mistakes.
I can't speak for people who hate RIM, but after being handed a Blackberry by a colleague and being asked to set it up I decided there was a reason why their market cap has halved in the last 6 months - the thing was a bitch to use.
Want to copy contact across - Orange suggest copying all contacts onto SIM (confirmed SIM supports multiple numbers per contact). When imported from SIM onto Blackberry it only copied the first number for each contact. I then plugged the SIM into my phone, and confirmed that all the contacts details had been copied onto the SIM correctly.
Compare this to a HTC Desire - It asks you what the old phone is, if it has bluetooth it provides instructions on how to activate it - then it sucks all the contacts, calendar entries & text messages off the old phone, job was done in 2 minutes.
And where the fuck is a proper IMAP4 client, not their shitty method of syncing though RIM's servers. If I read a message on my phone it should be marked as read on my computer.
My opinion about Nokia & RIM losing half their value in 6 months is that they fucking deserve it - they clearly can't make sensible phones anymore. Last time I had to copy data from one Nokia to another I needed to install two separate versions of Nokia desktop - WTF?
Typical ignorant slashdotter:
What Open Software? OSX isn't open. Safari isn't open. iTunes sure isn't open. iOS is incredibly closed.
opensource.apple.com
What open standards, sure Apple wants HTML5, but they've also patented part of the specification and aren't releasing those patents as is required by the W3C.
Bullshit. Apple has not patented part of HTML5. Apple is not MPEG-LA. They cannot release those patents, but those patents are a red herring anyway. Apple almost universally supports open standards. HTML5 is just one example of many.
They're suing their competition into oblivion with patent claims that are more ridiculous than SCO's were.
Bullshit. There isn't a single example of Apple doing this. On the other hand, Apple, unlike SCO, has actually invented quite a lot over the years, and protects their inventions.
I know that the /. pseudo-nerd crowd loves nothing more than an opportunity to bash Apple, but all what Apple did here was patching a remote root exploit out in the wild. There's nothing wrong with patching that. Really.
This exploit was also used for the last jailbreak, so this jailbreak is now broken. Tough luck, but a totally different thing. Complain about Apple as much as you want, but please don't complain about them patching such exploits.
Just because most people won't care about it doesn't mean it isn't a legitimate reason; legitimacy in no way requires or implies relevancy. That said while I don't own any Apple devices, I've not bothered to root my Android phone.
It's official. Most of you are morons.