Apple iOS 4.3.4 Jailbroken Hours After Update
Stoobalou writes "The cat and mouse game between Apple and the jailbreaking community continues unabated as an updated version of PwnageTool hits the web just hours after Apple updated its iOS mobile operating system to lock out the JailbreakMe PDF-based exploit."
"The same users"? I'm sure you can provide an example of the same person saying those two things, yes?
Did you expect otherwise?
In the words of Stanley Jobson, from the film Swordfish, "Nothing is impossible."
Note: "There was an unknown error in the submission", constantly. I suspect you think this is spam, or the hamster in your wheel has died, so please let this post go through, comment system.
Tethered is much easier to do, and much less useful, since it requires re-doing it after every device reboot.
Thanks to your desire to run any software you wish, you're finding security holes for Apple, free of charge.
Keep up the good work.
Although it did take /. longer to have the follow up to this story.
Time to offend someone
No, this isn't a new jailbreak. It's an existing exploit which uses the same hardware exploit found by Geohot MONTHS ago. The exploit install software is now configured for the new iOS version, is all. This is why it's a TETHERED exploit, as the untethered exploit add-on no longer works in 4.3.4.
Is anyone technical even working at Slashdot anymore?
This jailbreak requires you to have your phone connected to your computer at every reboot in order to root it, and root is lost if phone is rebooted without connecting to the computer.
The PDF font handling vulnerability gave you perma-root (untethered) and could also be used as a drive-by exploit.
In short, misleading title is misleading.
Finally had enough. Come see us over at https://soylentnews.org/
I don't hold out much hope. His comment doesn't even make sense to anyone who has actually read the article. 100% troll.
Invaders must die
Is there anything that is quite as effective as bragging rights to drive innovation (besides Economics, of course)? I don't know if security on iOS could get any better faster if you didn't have a determined group trying to break it publicly.
Friends help you move. Real friends help you move bodies.
Never forget: 2 + 2 = 5 for extremely large values of 2.
You wish death on Steve Jobs for removing security holes in his products?
When JailBreakMe 2 and 3 (the version that iOS 4.3.4 fixes being 3) were released, they came with a patch in Cydia to fix the underlying vulnerability. Not only are jailbreakers conscious of iOS's flaws, they're willing to clean up after themselves. The only people not protected against your drive-by hidden app are those smart enough to jailbreak but dumb enough not to patch, which is a fairly small market segment, because the usual "too-dumb-to-upgrade" population is replaced by the "click-yes-to-everything-iTunes-says" population.
Sorry, but even tried-and-true wisdom doesn't apply everywhere.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
The relevant question is: How many days until they come up with an untethered break? I give it no more than 2 weeks, tops.
This is the internet... we normally don't require MLA citations for things that are more or less common sense.
Here's a fixed title for you: Slashdot user fails at basic reading comprehension. It is NOT a drive-by-download exploit. The drive-by-download PDF vulnerability existed in 4.3.3 but was rapidly patched with the release of 4.3.4, and it has yet to be reopened as a viable exploit. Instead, what these hackers/developers/<your spin here> have managed to do is update their tethered means of jailbreaking to work with 4.3.4, but it currently requires being tethered to your computer with each and every reboot, otherwise you lose root. It's about as far from a drive-by-download as you can imagine and is not currently susceptible to malicious attacks unless you compromise physical access to your device. Now, pardon me while I tout how secure my Apple product is.
WRONG answer. All those users that do not jailbreak their iPhones (a lot of people) are vulnerable to this attack. Those are not jailbreak possibilities, those are big security vulnerabilities that are used to jailbreak. I am pretty sure any other OS manufacturer's bug like this would be called what it must be called, a "security bug", and not a jailbreak.
Yeah, the new exploit is tethered only this time. So it only took Apple a couple of weeks(?) to fix the browser-accessible hole.
World was created 5 seconds before this post as it is.
Or Android devices made by assholes (read: Motorola, etc.) who lock down the bootloader.
upon the advice of my lawyer, i have no sig at this time
Is that what they're calling locking down a device these days?
By your logic, if the black helicopters showed up on your front lawn and hauled you and your family away to a detention camp they'd be "removing security holes".
In a way, you'd be right, too.
Remember what Ben Franklin said about security. If you're willing to give up your freedom for security, you don't deserve either. By Franklin's logic, Apple users deserve nada.
You are welcome on my lawn.
However jailbreak users had a fix for this vulnerability available immediately right from the device itself, while non jailbreak users had to wait for Apple to provide one, and then must tether their device to a computer, download a large firmware file, reflash it and then restore all their settings to the device in order to be immune to the exploit.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Here's a fixed title: "engineerpop Too Stupid To Tell Difference Between Drive-By Exploit And Tethered Jailbreak"
Fandroids hate facts.
> Remember what Ben Franklin said about security. If you're willing to give up your freedom for security, you don't deserve either. By Franklin's logic, Apple users deserve nada.
I have always felt this way. "It just works" is a good way to describe the way the Burmese regime works. Of course it just works, there is not allowed to be any dissension among the ranks. If the large population of iDiots that purport to have superior products, security, etc. ad nauseam actually looked at everything they were giving up just to have their comfy blanket of Apple security, they'd be a little disappointed.
I got here through a series of tubes
Is that what they're calling locking down a device these days?
No, that is what we call removing arbitrary privileged code execution vulnerabilities in web browsers.
Translation: "I never question things I want to be true, I just call them common sense instead."
You're going to call and send SMS with an iPad? Good luck with that.
"Use premium data" maybe? Again I lawl, sir.
The preceding comment is my own, and in no way construes an opinion of the Emperor of Mankind.
Common sense is not common and what is touted as "common sense" rarely makes sense when scrutinized.
For example, any political campaign that runs with a core "common sense" message.
/. should really have a macro for that quote as much as it gets used here.
Type BFQ and autoexpand from there.
I guess "iOS 4.3.4 Prevents Hacking and Jailbreaking" wasn't true after all.
It's common knowledge that common sense is usually wrong.
Yes, I don't go to porn sites to look at the pictures. I read the (PDF) articles.
It's a shame Sprint has abandoned the HPalm line. Hopefully it will gain traction on Verizon and AT&T. No 'jailbreaking' necessary. The platform is open and easy to modify to your heart's content. HP actively recognizes, encourages, and works with the homebrew community.
http://www.webos-internals.org/wiki/Main_Page
However jailbreak users had a fix for this vulnerability available immediately right from the device itself, while non jailbreak users had to wait for Apple to provide one, and then must tether their device to a computer, download a large firmware file, reflash it and then restore all their settings to the device in order to be immune to the exploit.
I don't let third parties patch my systems, at work or at home. But... Both tethering and the large firmware file are accurate but no longer true in iOS5 due possibly in September. The reflash and "restore" is currently handled by iTunes in one operation. I use the bunny ears for restore because I don't know the specifics, but the end user experience is to click "OK" when prompted to update and a bit later the phone is updated and ready for use. There is no separate restore.
Is that what they're calling locking down a device these days?
No, that is what we call removing arbitrary privileged code execution vulnerabilities in web browsers.
Definitely. It's the same thing Google did with Android in 2008. They patched an exploit that was also used to jailbreak phones.
Restore all your settings? Only if you jailbreak. Normally, the upgrade process does not involve any sort of restore....
Check out my sci-fi/humor trilogy at PatriotsBooks.
This basically means that they are out of software zero day exploits.
Having a walled garden is definitely responsible for Apple's high level of security.
This is the internet... we normally don't require MLA citations for things that are more or less common sense.
But if something is contested, it'd be nice to have a URL or at least proper Google keywords to research the issue. Hence the "citation needed" meme that started at Wikipedia.
That is the rule of the internet. Just remember about 1/2 of the population has below average intelligence.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
100% of the internet population is over-opinionated and under-informed
I didn't buy an iPhone. But what should I buy instead of an iPod touch? Samsung Galaxy Player didn't appear available last time I looked, and Archos devices don't have Android Market.
That may be your opinion, but I think you should read some more.
In two separate stories now, it has been put forth that Apple pushed out this fix with the mustache-twirling intent to stop jailbreaking.
Well obviously not, since the problem that lets tethered jailbreaking work is without issue. The REAL reason Apple "broke" untethered jailbreaking is that it was a gaping flaw in PDF handling that would let an attacker gain control of the system.
I realize Slashdot has a more general readership these days, but surely anyone can see that leaving an exploit like that unpatched is bad. In fact other companies have been chastised for leaving holes like that open for too long, and rightfully so...
So please let us drop the pretense that every security patch is Apple out to stop jailbreaking. Apple in fact does not really care if you jailbreak, and is using it covertly to see what new features might be good to add to the platform by viewing the experimental jailbreak community... sometimes not so covertly as the case of them hiring the guy who did jailbroken notification handling to fix notification handling in iOS5! I can't think of a clearer signal that jailbreaking has at least covert approval within Apple.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
When I saw that the "iOS 4.3.4 Un-jailbreakable!" story was still on the front page when this came out. And remains there as of this writing.
Who did what now?
I believe your premise is over-thought and overrated, and humbly suggest you collect more data before making said assumption.
Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
Um, what?
Steps you listed, for jailbreakers:
1. There is no step one.
Non-jailbreakers:
1. Wait for Apple
2. tether to computer
3. download a "large" file
4. reflash it
5. restore settings
You artificially expanded one set of steps, and collapsed the other. Why is that?
Well, anyone who has watched Pwn2Own or read the article posted on OSNews on OSX knows that security in the Apple camp has largely been a gift of security through obscurity, which the incredible numbers put up by the iPhone and iPad killed pretty damned dead. Oh, and before someone chimes in (as they always do) that they go after the Mac over the WinBox because the Mac is nicer? Protip: The first one to drop ANY machine gets $10,000, so risking that amount on trying to get a Macbook one could easily buy with the check would be dumb, and those guys ain't dummies.
I'd say the real problem for Apple is they have both the white and black hats trying to crack them, the whites to jailbreak their iShiny while the blacks want to pwn the iShiny. Maybe they should take the whites out of the equation by offering a "void warranty and jailbreak now" button?
That would leave just the black hats, which admittedly will be a MUCH harder problem; just look at how many years it took for MSFT to get Windows from the crazy 19 infections per 1000 boxes with WinXP to the 4 per 1000 with 7. They had to harden the OS with improvements to DEP, ASLR, process isolation; hell, if that isn't enough for you, you can do what I did with my customers and add Structured Exception Handling Overwrite Protection, which works beautifully without any programs hanging.
But what Apple has ended up with is gonna be more than a bit of a puzzler, as the devices iOS runs on aren't really powerful enough to deal with the overhead of the above security features, yet people still expect to be able to install and run programs on the things like a laptop. Short of ripping out support for most functions and instead having everything go through Apple's servers in a thin client kind of way, I just don't see how they are gonna stop the malware guys. The malware guys have seen the numbers of sales, have seen there is blood in the water, and now the sharks are coming wanting a bite. It doesn't help that I've had conversations with Apple users that still believe the "Apple is immune to malware" meme; at least the Windows and Linux users see and accept the web is a dangerous place.
Perhaps the thin client model is the way to go for Apple. They certainly have the server capacity now and it would fit right in with their walled garden approach, the only question is would streaming everything client server style clog the networks worse than they are. Doesn't Opera already do this with their mobile browser BTW? Maybe taking a page from their book wouldn't be such a bad idea.
ACs don't waste your time replying, your posts are never seen by me.
Considering my iPad has cellular and a phone number, it's not like it's impossible.
Of course, I do actually send and make calls if for some reason my phone doesn't work, on my iPad ... but that's VoIP, which is only brought into play if the closest landline is at least 48 hours away from me at best possible speed, but that's with another couple of non-builtin apps I've added.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
The security hole was real, and could be used to run arbitrary code on your phone, not necessarily to give you control over it.
That's nice. My iPad 3G has been doing those things for over a year as well. Those are through apps, not natively. Unless the exploiters are writing and installing a custom baseband, they are NOT making premium SMS or premium calls from either of our iPads. I doubt AT&T would know what to do if you spoofed a data iPad's SIM and tried to make a call, they'd probably just drop the connection.
The preceding comment is my own, and in no way construes an opinion of the Emperor of Mankind.