Slashdot Mirror


Apple iOS 4.3.4 Jailbroken Hours After Update

Stoobalou writes "The cat and mouse game between Apple and the jailbreaking community continues unabated as an updated version of PwnageTool hits the web just hours after Apple updated its iOS mobile operating system to lock out the JailbreakMe PDF-based exploit."

19 of 121 comments

  1. Dear hackers by Anonymous Coward · · Score: 4, Interesting

    Thanks to your desire to run any software you wish, you're finding security holes for Apple, free of charge.

    Keep up the good work.

  2. Slashdot used to be run by technical editors by Anonymous Coward · · Score: 5, Informative

    No, this isn't a new jailbreak. It's an existing exploit which uses the same hardware exploit found by Geohot MONTHS ago. The exploit install software is now configured for the new iOS version, is all. This is why it's a TETHERED exploit, as the untethered exploit add-on no longer works in 4.3.4.

    Is anyone technical even working at Slashdot anymore?

    1. Re:Slashdot used to be run by technical editors by DavidTC · · Score: 2

      No shit. The fact you used to be able to jailbreak your phone by visiting a website was not, in fact, a good thing. At all.

      I'm against all sorts of restrictions on devices sold to people. I'd even argue we should make it illegal to restrict them that way, although for safety we should perhaps require some sort of protected reflash to jailbreak them, so normal consumers don't have to worry about viruses.

      But, legally, people should be able to walk into an Apple store and demand root on their phone, and Apple would have to do it. And Apple should be able to demand you reflash back to unrooted before you get tech support with any software issue. That is my ideal world. Companies should not be allowed to keep control of devices they sell you. (Note this isn't the same as unlocking the phones, which I don't think they should have to do.)

      And even in my ideal world, a website shouldn't be able to get root on an iPhone! Christ, people, think about that for a second. Of course Apple patched that.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    2. Re:Slashdot used to be run by technical editors by StikyPad · · Score: 2

      The fact you used to be able to jailbreak your phone by visiting a website was not, in fact, a good thing.

      Mostly true, however I might add that these exploits will almost inevitably exist as long as software originates with humans. I'm glad we're seeing them used for "good" with jailbreaks rather than for evil. Comex could easily have offered his services to the highest eastern European bidder instead of releasing a jailbreak (with the caveat that the jailbreak may well install a trojan horse for all I know.)

      At any rate, IIRC "Jailbreakme" patches the exploit itself, essentially closing the door behind it on the way in. Functionality + responsibility is pretty cool as far as I'm concerned.

  3. Tethered jailbreak by L4t3r4lu5 · · Score: 5, Informative

    This jailbreak requires you to have your phone connected to your computer at every reboot in order to root it, and root is lost if the phone is rebooted without connecting to the computer.

    The PDF font handling vulnerability gave you perma-root (untethered) and could also be used as a drive-by exploit.

    In short, misleading title is misleading.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
    1. Re:Tethered jailbreak by brim4brim · · Score: 2

      But once you have root, why can't you just change that?

    2. Re:Tethered jailbreak by barzam · · Score: 2

      The term "root" is to be understood as "administrator rights". So once you have opened the PDF or whatever, your compromised phone downloads and installs another program that persists after the phone has rebooted. In turn, this program can keep sending those SMS or log your data or whatever it does.
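Editor's added example, not posted by any commenter above. The thread's technical point is that the patched hole was a font-handling bug reachable through a PDF, so it could be delivered drive-by, whereas the surviving tethered method needs a USB cable at every boot. A practitioner triaging mail or web captures for that class of PDF wants a quick way to find documents that actually carry an embedded font program, and to do it in a way that is not fooled by descriptors packed into compressed object streams. The scanner below does that; it is a triage heuristic only (benign PDFs with embedded fonts trigger it too), it does not detect the specific JailbreakMe exploit, and the three sample documents are constructed inline with filler bytes standing in for a real font program.

```python
import re
import zlib

# Font-descriptor keys that point at an embedded font program (PDF 32000-1:2008,
# table 122): /FontFile = Type 1, /FontFile2 = TrueType, /FontFile3 = CFF
# ("Type1C"), OpenType and friends. A drive-by PDF aimed at the viewer's font
# parser has to carry its font program in one of these streams.
FONT_PROGRAM_KEYS = (b"/FontFile3", b"/FontFile2", b"/FontFile")

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
SUBTYPE_RE = re.compile(rb"/Subtype\s*/(\w+)")


def _stream_payload(body):
    """Return an object's stream payload, inflated if it is FlateDecode'd."""
    m = STREAM_RE.search(body)
    if m is None:
        return None
    raw = m.group(1)
    if b"/FlateDecode" not in body:
        return raw
    try:
        return zlib.decompress(raw)
    except zlib.error:
        return raw  # corrupt stream: scan the raw bytes rather than skip it


def _font_refs(dict_bytes):
    """Yield (key, object number) for every /FontFile* entry in a dictionary."""
    for key in FONT_PROGRAM_KEYS:
        for m in re.finditer(re.escape(key) + rb"\s+(\d+)\s+\d+\s+R", dict_bytes):
            yield key.decode(), int(m.group(1))


def scan_pdf(data):
    """List every embedded font program in a PDF, including descriptors that
    sit inside compressed object streams (/ObjStm), which a plain grep of the
    file for '/FontFile' never sees."""
    objects = {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(data)}
    hits = []
    for num, body in objects.items():
        sources = [("direct", body)]
        if b"/ObjStm" in body:
            inner = _stream_payload(body)
            if inner:
                sources.append(("objstm", inner))
        for via, text in sources:
            for key, ref in _font_refs(text):
                font = objects.get(ref, b"")
                sub = SUBTYPE_RE.search(font)
                hits.append({
                    "key": key,
                    "font_obj": ref,
                    "descriptor_obj": num,
                    "via": via,
                    "subtype": sub.group(1).decode() if sub else None,
                    "size": len(_stream_payload(font) or b""),
                })
    return hits


def triage(data):
    """One-line verdict for a triage queue."""
    hits = scan_pdf(data)
    if not hits:
        return "no embedded font programs"
    hidden = sum(1 for h in hits if h["via"] == "objstm")
    kinds = ", ".join(sorted({h["subtype"] or h["key"] for h in hits}))
    verdict = "%d embedded font program(s): %s" % (len(hits), kinds)
    if hidden:
        verdict += " (%d descriptor(s) hidden in object streams)" % hidden
    return verdict


# --- constructed sample documents (filler bytes, not real fonts or exploits) ---

def _obj(num, body):
    return b"%d 0 obj\n%s\nendobj\n" % (num, body)


def _stream(num, entries, payload, compress=False):
    if compress:
        payload = zlib.compress(payload, 9)
        entries += b" /Filter /FlateDecode"
    return _obj(num, b"<< %s /Length %d >>\nstream\n%s\nendstream"
                % (entries, len(payload), payload))


_COMMON = (b"%PDF-1.4\n"
           + _obj(1, b"<< /Type /Catalog /Pages 2 0 R >>")
           + _obj(2, b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>")
           + _obj(3, b"<< /Type /Page /Parent 2 0 R /Resources << /Font << /F1 4 0 R >> >> >>"))
_DESCRIPTOR = b"<< /Type /FontDescriptor /FontName /Constructed /Flags 32 /FontFile3 6 0 R >>"
_FONT_PROGRAM = _stream(6, b"/Subtype /Type1C", b"\x01\x00\x04\x01" + b"A" * 40)
_EMBEDDED_FONT = b"<< /Type /Font /Subtype /Type1 /BaseFont /Constructed /FontDescriptor 5 0 R >>"

# 1. Base-14 font only, nothing embedded.
CLEAN_PDF = _COMMON + _obj(4, b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>") + b"%%EOF\n"
# 2. Embedded CFF font with its descriptor as a plain object.
FONT_PDF = _COMMON + _obj(4, _EMBEDDED_FONT) + _obj(5, _DESCRIPTOR) + _FONT_PROGRAM + b"%%EOF\n"
# 3. Same font, but the descriptor is packed into a FlateDecode'd object stream
#    (object 5 at offset 4), so the literal "/FontFile3" never appears in the file.
HIDDEN_PDF = (_COMMON + _obj(4, _EMBEDDED_FONT)
              + _stream(7, b"/Type /ObjStm /N 1 /First 4", b"5 0 " + _DESCRIPTOR, compress=True)
              + _FONT_PROGRAM + b"%%EOF\n")

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN_PDF), ("font", FONT_PDF), ("hidden", HIDDEN_PDF)):
        print("%-7s %s" % (name, triage(doc)))
```

The object-stream case is the one worth remembering: `grep -c FontFile` on the third document returns zero, yet it carries exactly the same font program as the second. Real PDF malware also uses other filters (ASCIIHex, LZW, RunLength) and cross-reference streams, which this sketch does not decode; extend `_stream_payload` before relying on it beyond a first pass.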

  4. Re:Hah by Goaway · · Score: 2

    You wish death on Steve Jobs for removing security holes in his products?

  5. Re:It's a drive-by download exploit by Samantha+Wright · · Score: 2

    When JailBreakMe 2 and 3 (the version that iOS 4.3.4 fixes being 3) were released, they came with a patch in Cydia to fix the underlying vulnerability. Not only are jailbreakers conscious of iOS's flaws, they're willing to clean up after themselves. The only people not protected against your drive-by hidden app are those smart enough to jailbreak but dumb enough not to patch, which is a fairly small market segment, because the usual "too-dumb-to-upgrade" population is replaced by the "click-yes-to-everything-iTunes-says" population.

    Sorry, but even tried-and-true wisdom doesn't apply everywhere.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  6. Re:Realistically and unsurprisingly by MobileTatsu-NJG · · Score: 2, Informative

    Did you expect otherwise?

    Yesterday Slashdot's summary said the last update was to prevent jailbreaking. The article said it was to fix the PDF vulnerability. So, yes, you might expect otherwise if you weren't terribly well informed on the topic.

    --
    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  7. Re:It's a drive-by download exploit by tripleevenfall · · Score: 2

    This is the internet... we normally don't require MLA citations for things that are more or less common sense.

  8. Re:Realistically and unsurprisingly by rbrausse · · Score: 3, Interesting

    Note: "There was an unknown error in the submission", constantly. I suspect you think this is spam

    nah, /. implemented Hotmail's ban of common passwords and "swordfish" is on the list...

    as a more serious remark: no, I didn't expect a different outcome of the update. It seems that Apple is way too exposed, the [add color]-hat scene has a new interesting opponent - it is boring to hit guys already lying on the ground. But Apple fights like hell to keep their secrets secret, obviously irresistible for hackers.

    This reminds me of the PS3 debacle: The system was attacked after Sony removed the playground "other OS", I believe that a more open approach for iDevices (like store-independent software installation) would decrease the breaking attempts.

  9. Re:It's a drive-by download exploit by Anubis+IV · · Score: 4, Informative

    Here's a fixed title for you: Slashdot user fails at basic reading comprehension. It is NOT a drive-by-download exploit. The drive-by-download PDF vulnerability existed in 4.3.3 but was rapidly patched with the release of 4.3.4, and it has yet to be reopened as a viable exploit. Instead, what these hackers/developers/<your spin here> have managed to do is update their tethered means of jailbreaking to work with 4.3.4, but it currently requires being tethered to your computer with each and every reboot, otherwise you lose root. It's about as far from a drive-by-download as you can imagine and is not currently susceptible to malicious attacks unless you compromise physical access to your device. Now, pardon me while I tout how secure my Apple product is.

  10. Re:It's a drive-by download exploit by robmv · · Score: 2

    WRONG answer, all those users that do not jailbreak their iPhones (a lot of people) are vulnerable to this attack; those are not jailbreak possibilities, those are big security vulnerabilities that are used to jailbreak. I am pretty sure any other OS manufacturer's bug like this would be called what it must be called, "security bugs", and not jailbreaks.

  11. Re:Hah by PopeRatzo · · Score: 3, Informative

    removing security holes

    Is that what they're calling locking down a device these days?

    By your logic, if the black helicopters showed up on your front lawn and hauled you and your family away to a detention camp they'd be "removing security holes".

    In a way, you'd be right, too.

    Remember what Ben Franklin said about security. If you're willing to give up your freedom for security, you don't deserve either. By Franklin's logic, Apple users deserve nada.

    --
    You are welcome on my lawn.
  12. Re:Hah by Goaway · · Score: 2

    Is that what they're calling locking down a device these days?

    No, that is what we call removing arbitrary privileged code execution vulnerabilities in web browsers.

  13. Apple did not push fix to break jailbreaking by SuperKendall · · Score: 3, Insightful

    In two separate stories now, it has been put forth that Apple pushed out this fix with the mustache-twirling intent to stop jailbreaking.

    Well obviously not, since the problem that lets tethered jailbreaking work is without issue. The REAL reason Apple "broke" untethered jailbreaking is that it was a gaping flaw in PDF handling that would let an attacker gain control of the system.

    I realize Slashdot has a more general readership these days but surely anyone can see that leaving an exploit like that unpatched is bad. In fact other companies have been chastised for leaving holes like that open for too long, and rightfully so...

    So please let us drop the pretense that every security patch is Apple out to stop jailbreaking. Apple in fact does not really care if you jailbreak, and is using it covertly to see what new features might be good to add to the platform by viewing the experimental jailbreak community... sometimes not so covertly as the case of them hiring the guy who did jailbroken notification handling to fix notification handling in iOS5! I can't think of a clearer signal that jailbreaking has at least covert approval within Apple.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  14. Re:Hah by shutdown+-p+now · · Score: 2

    The security hole was real, and could be used to run arbitrary code on your phone, not necessarily to give you control over it.