Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Releases Patch For Evasi0n Jailbreak (After It's Used 18 Million Times)

Posted by Soulskill on from the at-least-you-tried dept.

Sparrowvsrevolution writes "Apple has released a new update for iOS that prevents the jailbreak evasi0n released last month. But that hacking tool has already become the most popular jailbreak ever: It's been used to remove the software restrictions on 18.2 million devices in the 43 days between its release and the patch, according to data from Cydia, the app store for jailbroken devices. In its announcement of the update, Apple says it has fixed six bugs and was polite enough to credit the hackers behind evasi0n with finding four of them. At least one of the bugs used by evasi0n remains unpatched, according to David Wang, one of evasi0n's creators. And Wang says that he and his fellow hackers still have bugs in reserve for a new jailbreak, although they plan to keep them secret until the next major release."

13 of 112 comments (clear)

  1. Re:FFS by sg_oneill · · Score: 4, Insightful

    If you know about a security flaw, you should report it so they can be fixed.

    How are they going to produce jailbreaks if they report it?

    It would be irresponsible of them to deliberately collaborate with restricting user freedoms.

    --
    Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
  2. Re:FFS by SimonTheSoundMan · · Score: 4, Insightful

    I hate it when people cry foul when Apple patches a jailbreak method. I find visiting a web page or opening a PDF that can root your device then automatically installs binaries and run them without user intervention that has full access to your whole phone quite worrying.

    I do wonder if someone has maliciously used a jailbreak methods on their own web site, installing binaries remotely without the user knowing, and then taking data. How do you find out if this has happened?

  3. Re:FFS by sFurbo · · Score: 5, Insightful

    This would clearly be the case if Apple did not insist on locking down devices in ways the consumers don't want. If there were, say, a menu option for "allow installation from unknown sources", there would be no excuse for sitting on bugs. As it is now, it is muddier: On the one hand, it is a security flaw that should be patched. On the other hand, it is a way to ensure that they can keep using their hardware in the way they want to.

    Of course, the easy way around the dilemma would be to insist on only paying money for hardware you actually own, not quasi-lease, which is the only option Apple wants for iOS hardware.

  4. Re:I've already hacked this patch by Zeroedout · · Score: 3, Funny

    You're clearly not a geek or nerd.... well maybe on the lower end of the spectrum. However, you've probably never explored an alternative OS and no, Windows XP doesn't count. Neither does Max OS X. Do you even care to compile the kernel you're using?

  5. Re:FFS by Anonymous Coward · · Score: 3, Interesting

    The exploit used by evasi0n to gain root is a missing permissions check in USB backup/restore.
    So unless your web page or PDF somehow magically plugs a iPhone into a properly prepared host... nope.

  6. Re:FFS by Anonymous Coward · · Score: 3, Insightful

    How are they going to produce jailbreaks if they report it?

    It would be irresponsible of them to deliberately collaborate with restricting user freedoms.

    I don't care about jailbreaks, I'm not going to install one anyway. Ever. I do care about security flaws in the operating system that is installed on hundreds of millions of devices.

    It's plenty flexible enough for me without jailbreaking. I can compile and install my own apps without going through the store. You just have to have a developer account (which is not very expensive).

  7. Re:FFS by SternisheFan · · Score: 4, Insightful

    This wouldn't be needed had Apple not been Apple. You know the whole "we know better than you what you want" motto.

    If they didn't know what people wanted I'm assuming they wouldn't be selling so well.

    Apple obviously doesn't know what at least 18 million, 200,000 of their customers want.

  8. Re:I've already hacked this patch by dissy · · Score: 3, Insightful

    Just out of curiousity, which Android App do I go and download/purchase to run and execute iOS applications?

    Your "solution" is no different than saying the best way to run one specific windows program is to install linux

  9. No. by Anonymous Coward · · Score: 5, Insightful

    Fuck no.

    For fucking millionth time, the only way to not deliberately collaborate with restricting user freedoms is to not fucking buy the restricted stuff in the first place.

    You buy DRM'ed shit - you give the DRM producer money. The fact that you intend to use hacks to circumvent the DRM later only sends a clear message: "We're doing fine, we just need to clamp down on them hackers harder".

    This is not fighting for freedom, this is entitlement complex. I could somewhat understand looking to break DRM when non-DRM media in some class is nonexistent or virtually nonexistent - like in DVD video case, but not in cases like smartphones or, say, videogames. You're not entitled to it. Just say "fuck you" to them and their shiny toys and go play elsewhere - the playground is huge and alternatives are plenty.

  10. Re:FFS by AK+Marc · · Score: 5, Interesting

    I jailbroke my idevices because the ones I have can't be unlocked any other way. It was just the carrier locking I wanted around.

    --
    Learn to love Alaska
  11. Re:FFS by Nerdfest · · Score: 4, Insightful

    there's never been malware that used any of them.

    That you know of.

  12. Re:I've already hacked this patch by shellbeach · · Score: 3, Interesting

    My experience with random Android devices is it's hit or miss on rooting. If you have a good OEM (Asus has been good to me) then it's not a problem. But if you have ones that lock it down it's not any different than having an iPhone.

    Actually, it's a lot better than what you think (and much better than it used to be several years ago -- I looked into this the other day). Motorola, HTC, Sony and even some of the smaller providers such as Huawei all provide the means to officially unlock the bootloader on many of their phones. Even Samsung provides "Developer Editions" of their major phones that come with an unlocked bootloader by default; and of course every Nexus device is simply a "fastboot oem unlock" away from complete freedom. Impressive, no? There's now an awful lot of devices that you can officially install a custom recovery on and root out of the box, and it's testimony to the strength of the Android dev community that manufacturers actually want to provide this functionality.

    Although I wish someone would port apt-get to Android so we can install apps like you can with Cydia.

    Well, you don't really need it, unless you have a particular boner for apt-get. Google's own Play Store hosts many apps that do the same thing as those provided by Cydia; since Google has always promoted rooting rather than been adverse to the practice, there's never been a need to have a separate software repository for rooted devices. There are, of course, several other alternate app stores around should you wish to install software through non-Google means and be notified of updates.

  13. Re:I've already hacked this patch by jedidiah · · Score: 3

    > I have an iPad, and the only apps I've installed were Angry Birds (free version), and a bit more advanced calculator

    That doesn't mean what you think it does. It actually means that you are even less married to PhoneOS than someone that might be motivated to jailbreak it. Jailbreakers are not "haters". They are people that like Apple products well enough to go to great lengths to continue using them rather than just using Android.

    You are like a Windows user that can faked out by fvwm95.

    --
    A Pirate and a Puritan look the same on a balance sheet.