Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS 4.3.4 Prevents Hacking and Jailbreaking

Posted by samzenpus on from the higher-walls dept.

Mightee writes "Apple has released a software update to iOS, version 4.3.4, for the iPhone 4, 3GS, iPad 2, 1, and iPod Touch. The main objective of this version is to prevent the hacking in Apple iOS devices which occurs through malicious PDF files. Another objective is to prevent the jailbreaking which occurs as a consequence of the previous effect. In previous versions, the iOS device is easily vulnerable to attacks. It happens because of mishandling of fonts embedded in the PDF file. Sometimes a downloaded PDF may be malicious, and there is a possibility that the file could inject malware into the iOS device, which gives a chance for the hackers to access the hardware of the iOS device."

23 of 281 comments (clear)

  1. aaaand... by milbournosphere · · Score: 5, Informative

    it's been jailbroken: http://gizmodo.com/5821905/ios-434-has-been-jailbroken

    1. Re:aaaand... by gutnor · · Score: 3

      un-tethered jailbreak

      So you hope to see another way that any website can get root access to your device and change the operating system without the connected user consent ? An you consider that a plus on a "critical"(your word) device like your phone ??

      -Mind blows-

    2. Re:aaaand... by smash · · Score: 4, Insightful

      iphone does everything i want in a phone and doesn't feel like it is made of cheese like all the samsung/htc devices i have encountered. so, as far as i'm concerned, apple deserve my money.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    3. Re:aaaand... by Anonymous Coward · · Score: 4, Insightful

      Sorry mate but the tethering fee is NOT an iOS issue. I can tether my iPhone to any of my devices and not pay a fee and I haven't even jailbroken it and refuse to to do because there is no legitimate need to. The tethering fee seems to be an American and Canadian thing not a rest of world thing.

      Don't blame Apple blame your crappy cell companies.

    4. Re:aaaand... by MightyYar · · Score: 3, Insightful

      Actual ownership of your device. Sorta like how your PC doesn't try and fight you.

      You betray your influence... :) You seem to see the iPhone as a PC in phone form. I think most see it as a phone with some extra features, or at least an appliance of some sort. People don't "own" their car software, dishwasher software, oven software, fridge software, TV software, etc. The PC is the exception to the rule. It's not necessarily "evil" for an appliance-style device to be locked down - it all depends on the end user. Some people still get pissed that they can't service their $5 FM radio...

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    5. Re:aaaand... by Cimexus · · Score: 5, Informative

      I can tether my iPhone (via Bluetooth or USB to a single device, or via Wifi to up to 5 devices), without a fee. Your ~telephone company~ may charge you a fee for doing it. My carrier doesn't charge for it (actually I don't think any major carriers here do - some of them used to, but people bitched about it too much and they got rid of the fees). But it has nothing to do with the phone itself. Complain about your carrier, not the phone or OS.

      There are legitimate arguments to be made against Apple's/iOS's restrictions. But that is not one of them. The rest of your points are very valid but it hurts your argument somewhat to lead off with a falsehood - makes you sound like a blind Apple-hater that doesn't care about the actual facts.

    6. Re:aaaand... by Dynedain · · Score: 3, Informative

      Untethered Jailbreak doesn't mean what you seem to think it does.

      Tethered jailbreaks require you to connect to a computer every time you reboot in order to jailbreak. Untethered jailbreaks are persistant through iOS power cycles.

      The browser exploit is one way to jailbreak (and because of the attack vector, a very important one to block). But it is not the only way to have an untethered jailbreak.

      --
      I'm out of my mind right now, but feel free to leave a message.....
  2. Re:Make something unbreakable... by Microlith · · Score: 4, Insightful

    Yup! So keep making those hostile devices, Apple, we'll keep buying them (like fools!)

  3. What a stupid title by Haedrian · · Score: 5, Insightful

    Its as if this update solved all problems and will solve all problems in the future.

    "iOS 4.3.4 solves known pdf exploits"

    Would have made sense.

    None of this "Prevents Hacking and Jailbreaking" nonsense.

    1. Re:What a stupid title by Kenja · · Score: 4, Informative

      Better description would be "iOS 4.3.4 fixes known PDF security flaw".

      This is a good thing. If you can use the flaw to root your phone, then so could someone else. But then that would be a less sensationalist article.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:What a stupid title by anethema · · Score: 5, Interesting

      You know what is funny? The person who wrote the jailbreak (comex) also put a patch for the PDF flaw in the jailbroken debian APT system for the phone.

      The funny part is since iPhone 3G's and earlier iPod touches don't get firmware updates anymore, being jailbroken is the ONLY way to be free of this flaw in those earlier devices.

      --


      It's easier to fight for one's principles than to live up to them.
  4. Backup your SHSH files - NOW by DanTheManMS · · Score: 5, Insightful

    Anyone with an iDevice reading this, please go backup your 4.3.3 SHSH file right now. Even if you don't think you'll ever jailbreak, please do it as an insurance measure. It's as simple as downloading a program (TinyUmbrella), connecting your phone to the computer, and clicking a button. Behind the scenes it's saving Apple's magic "approval" that allows you to restore your device to the fully-hacked 4.3.3 firmware. In the next few days, Apple is likely to stop signing restore requests for anything except 4.3.4.

    It's not that I expect most people to actively *want* to downgrade their firmware in the future. I just like having the *option* to do so. For instance, right now I could restore my iPhone to iOS version 3.1.3 if I wanted to, even though Apple stopped allowing restores to that version years ago.

  5. iOS 10 cures cancer! by metalmaster · · Score: 3, Informative

    no but the title is sensationalist at best.

    As a few others mentioned, Apple has only closed the most obvious hole that hackers have been using to jailbreak the device. There are probably others, and they have been/will be found. If theres anything that we've learned over the past year or so its that you shouldnt rattle the cage. Im not saying that anyone will go about breaking iTMS and exposing the infos of Apple's userbase, but who knows....

    If anything this will serve as a good pentest for future releases. Apple has known about the pdf exploit for quite some time and hasnt completely closed it, so people were able to get comfortable knowing their exploit could work with a bit of tweaking. This will get them off their asses and hunting for new ways to break free of he walled garden once again.

  6. Re:Make something unbreakable... by Microlith · · Score: 3, Insightful

    like all those Blackberry and some Android devices?
    Sure, not like I own one of those either.

    I love it when people conveniently forget the other guilty parties when engaging in AppleHate(tm)

    Apple is the biggest pusher of every concept that's ever been criticized on Slashdot. They're simply the easiest example, so stop whining.

  7. Re:Make something unbreakable... by Microlith · · Score: 5, Insightful

    Name one legitimate reason to want to jailbreak your phone now days.

    Ownership. No other reason is necessary.

  8. Re:Make something unbreakable... by Dan667 · · Score: 3, Insightful

    I regret buying an iphone and wish I had bought an Android Phone. It has become glaringly obvious that you just get a lot more for your money in comparison (including phone features and programs).

  9. Re:Make something unbreakable... by tuppe666 · · Score: 4, Funny

    ...some Android devices?

    Now if only that was "some iOS devices". Choice rocks, doesn't it?

    Apple users call choice FRAGMENTATION

  10. Re:Make something unbreakable... by hairyfeet · · Score: 5, Insightful

    "Sure, the boys in Steve's lab can make it hack-proof. But that don't mean we ain't gonna hack it.". All we need now is someone to come out with a jailbreak that depends on the success of a plumbing minigame and we're in business!

    Seriously why don't folks just accept if you want Steve's toys you have to play with them Steve's way? If you want freedom to do what you want with YOUR device you do NOT want an Apple iShiny, what you want is this little thing called an Android. Hell even the WinPhone is more open last I checked, as they made it butt simple to load third party apps.

    Not to say old Steve don't make good gear, hell the man is famous for cutting out the bullshit and making things simple that "just work". But surely by now everyone has to know Steve has always been a control freak, going back to that Apple that would overheat because Steve hated the sound of fans.

    Apple will ALWAYS be the most locked down walled garden approach, that is how Steve makes sure things are just the way he likes it, and as a side effect it'll make it so Apple doesn't have to worry about malware without actually hardening the OS, just make it so only pre-approved apps run and there you go. If that doesn't appeal to you? Get Android or WinPhone or WebOS devices, it isn't like there isn't plenty of choices out there.

    I just don't get why people would pay for the Apple markup only to turn right around and look for ways to break into the thing. it just seems like a lot of work when there are plenty of other choices. Vote with your wallets people, if design and simplicity matters? Buy Apple. If being able to control your device and do as you please matters to you? Get something else. Why is that so hard?

    --
    ACs don't waste your time replying, your posts are never seen by me.
  11. Re:Make something unbreakable... by node+3 · · Score: 3, Interesting

    like all those Blackberry and some Android devices?
    Sure, not like I own one of those either.

    I love it when people conveniently forget the other guilty parties when engaging in AppleHate(tm)

    Apple is the biggest pusher of every concept that's ever been criticized on Slashdot. They're simply the easiest example, so stop whining.

    No, the problem is Slashdot goes full retard with regards to Apple. "Steve Jobs wants to control you", "if you jailbreak, you live in fear or going to jail", "iPad is just a toy, and will fail", "Android is beating iOS", "*Apple* has a secret kill switch that you must fear" (although so does Google, and unlike Apple, Google has actually *used* theirs, man times!), "Apple is anti-consumer" (reality: The consumer is Apple's customer, and the consumer is Google's product), "Apple is going to turn you in for piracy if you use iCloud".

    No, the problem isn't that Apple is the "biggest pusher of every concept that's ever been criticized on Slashdot" (like, open source software? Open standards?), nor is the problem that "they're simply the easiest example". The problem is that Slashdot nerds are extremely simplistic. If you do *one thing* they don't like, you're evil, no appeal go directly to the 'we hate you' category.

  12. Is your microwave hostile? by Brannon · · Score: 4, Insightful

    You probably use 15 electronic devices a day which have microprocessors capable of running arbitrary code but which the manufacturer prevents you from easily running arbitrary code. Why is Apple the bad guy? They are not the first ones to ever make a locked down device.

    1. Re:Is your microwave hostile? by Opportunist · · Score: 3, Insightful

      But these devices all can do everything I want to do with them, why bother modifying them? If you're happy with what your iPhone can do out of the box, the same applies to you and your iPhone. But I don't remember any washing machine manufacturer trying to keep the buyers of their machines from trying to "jailbreak" them and turn them into something the creator didn't intend them to be. If I think my washing machine should turn with more RPM, I doubt Siemens or Hoover are going to sue me over it, not even if I create a kit and sell it to others (not give it away. SELL it, for profit).

      What else is there that has a microprocessor with "locked down" code? Well, e.g. cars. And for cars there's chip tuning. Not only do people sell that service, but as far as I can tell car manufacturers don't even try to keep them from doing it. Why bother? If anything, it might make the car break faster and people need spare parts, so more power to them!

      Care to inform me about any device or appliance that has a microprocessor capable of running arbitrary code that has been locked down AND where the manufacturer is acting like you're a criminal if you try to change that? Aside of i$Devices and cellphones?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Re:Make something unbreakable... by Anubis+IV · · Score: 3, Interesting

    going back to that Apple that would overheat because Steve hated the sound of fans.

    The G4 Cube only overheated if you covered the vents. Admittedly, putting the only vents on the top of the computer, which was a flat and a seemingly prime spot to set something down, was a minor oversight on their part. And by minor, I mean the opposite.

    Still, that particular mistake is not as bad as when Microsoft forgot that people have carpet in their homes, which led to the original line of Xbox consoles having unexpected errors and shutdowns as a result of overheating whenever the power brick was placed directly on carpet. Really though, Apple's error with that particular model was the exorbitant price for the specs it offered. It really was a case of them charging a premium for no reason other than design, and the Cube was a flop because of it. They finally got the price, design, and specs to a better place later on, however, which is where the Mac mini came from, and Microsoft was quick to handle the power brick issue, so at least they've both learned from their mistakes.

  14. Re:Remember when Apple was popular on Slashdot? by HuguesT · · Score: 3, Informative

    OSX absolutely is Unix standard compliant. This means it does have X11, and all the POSIX layers, yes, and we like that very very much. The other stuff you can choose not to run. AFAIK the kernel (XNU) is still open-source and there is an effort called puredarwin aiming at producing a full distribution based on darwin.