Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Outs Anti-Jailbreak Update

CmdrTaco posted more than 4 years ago | from the longer-than-i'd-expect dept.

Iphone 429

Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."

cancel ×

429 comments

Sorry! There are no comments related to the filter you selected.

Outing the update (0, Funny)

Anonymous Coward | more than 4 years ago | (#33227046)

*insert joke about Mac users being gay here*

Re:Outing the update (0, Flamebait)

tomhudson (43916) | more than 4 years ago | (#33227144)

*insert joke about Mac users being gay here*

It's no joke. BTW - Ubuntu should come out of the closet a bit - they could use some of that gayness - even their redesigned color scheme is fugly.

Re:Outing the update (5, Funny)

Thud457 (234763) | more than 4 years ago | (#33227520)

-1, flamebait? WTF?!
  1. Apple Computer was just outside of San Francisco [wikipedia.org]
  2. They've been trying to whitewash [wikipedia.org] it since 1988, but before that, Apple was proudly flying the freak flag since 1977 [wikipedia.org]
  3. have you seen Jobs [wikipedia.org] ? (BTW, I find that file name amusing...)
  4. they have a long history [wikipedia.org] of catering to "graphic designers"
  5. they're very concerned [wikipedia.org] with maintaining a hip, stylish persona

Re:Outing the update (1, Funny)

derfy (172944) | more than 4 years ago | (#33227678)

So, they're metrosexual then.

Re:Outing the update (5, Insightful)

Anonymous Coward | more than 4 years ago | (#33227524)

It isn't just anti-jailbreak, it's patching a pretty serious security flaw.

Wow (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#33227050)

First post?!?

Re:Wow (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33227088)

No you didn't get frosty fucking piss, so I guess your cunt isn't icy.

Why does the submitter see this as a bad thing? (5, Insightful)

gmack (197796) | more than 4 years ago | (#33227052)

If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.

Re:Why does the submitter see this as a bad thing? (5, Interesting)

EricTheRed (5613) | more than 4 years ago | (#33227084)

If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.

That's true. Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.

Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.

So although this says it's anti-jailbreak, that's just secondary - it was one hell of a hole in the first place.

Re:Why does the submitter see this as a bad thing? (3, Interesting)

Pojut (1027544) | more than 4 years ago | (#33227126)

Thirded. Usually I would say Apple was just trying to keep people from unlocking their phones...but I think that was just a symptom of the problem they were trying to fix here.

Re:Why does the submitter see this as a bad thing? (4, Interesting)

oztiks (921504) | more than 4 years ago | (#33227292)

This exploit is the least of their problems ... http://www.sbsfaq.com/?p=2165 [sbsfaq.com]

Re:Why does the submitter see this as a bad thing? (0)

Anonymous Coward | more than 4 years ago | (#33227484)

The jailbreak community had a great workaround that takes most of the fear out of exploit and Apple didn't incorporate it in their fix. There is a jailbreak application that prompts the user before downloading any PDF via the Safari browser, meaning that you have to allow the browser to download any exploit. This plugs the biggest hole in that a rogue PDF could be loaded via a Javascript onLoad() script on the page.

Re:Why does the submitter see this as a bad thing? (1)

mmkkbb (816035) | more than 4 years ago | (#33227570)

Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.

Was jailbreaking a phone ever prosecuted as an illegal act? I think that ruling by the LoC is a bit overrated.

Re:Why does the submitter see this as a bad thing? (5, Insightful)

MikePikeFL (303907) | more than 4 years ago | (#33227092)

Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".

Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.

Re:Why does the submitter see this as a bad thing? (0, Redundant)

dsavi (1540343) | more than 4 years ago | (#33227096)

As well as this not being a bad thing, why is this even news? We all knew that Apple would try to put a stop to it the moment we saw what Jailbreakme could do.

Re:Why does the submitter see this as a bad thing? (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#33227110)

Because this is Slashdot and here everything that Apple does is considered pure evil. If you think otherwise you are a fanboi.

Re:Why does the submitter see this as a bad thing? (1, Insightful)

Da Fokka (94074) | more than 4 years ago | (#33227124)

It'd be a small miracle if no other security issues have been found since the release of iOS 4. The fact that the jailbreak exploit is the only thing that's being fixed suggests that Apple values retaining control over their device higher than fixing other security issues.

Re:Why does the submitter see this as a bad thing? (5, Insightful)

maxume (22995) | more than 4 years ago | (#33227184)

This is a massively publicized remote exploit. That is the most critical sort of security issue for an operating system. There is nothing strange about them prioritizing it.

Re:Why does the submitter see this as a bad thing? (4, Informative)

oodaloop (1229816) | more than 4 years ago | (#33227142)

Bricked? I thought you could just re-synch your phone and restore it.

Re:Why does the submitter see this as a bad thing? (2, Interesting)

hey (83763) | more than 4 years ago | (#33227346)

> 2010: The Year of the Linux Phone

It is! Android and others!

Re:Why does the submitter see this as a bad thing? (5, Insightful)

bsDaemon (87307) | more than 4 years ago | (#33227374)

In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."

Already an issue.. (1)

m0rphin3 (461197) | more than 4 years ago | (#33227150)

http://www.thinq.co.uk/2010/8/12/jailbreak-hackers-unleash-exploit-code/ [thinq.co.uk] Unless people update really soon, assorted malware could cut a swath through the iOS 4 user base.

Re:Already an issue.. (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33227236)

http://www.thinq.co.uk/2010/8/12/jailbreak-hackers-unleash-exploit-code/ [thinq.co.uk] Unless people update really soon, assorted malware could cut a swath through the iOS 4 user base.

So fags might get diseases from having intercourse with other fags. Oh dear oh no. iPhone Aids!

Re:Already an issue.. (5, Informative)

am 2k (217885) | more than 4 years ago | (#33227264)

The problematic part is that iPhone 2G users won't get an update but are still susceptible to this bug, so they're SOL. Additionally, iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.

Re:Already an issue.. (1)

m0rphin3 (461197) | more than 4 years ago | (#33227348)

Oh crap - I thought that particular bug was only present in 4. It will be interesting to see how Apple will handle this.

Re:Already an issue.. (5, Informative)

z1ppy (1123453) | more than 4 years ago | (#33227630)

iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.

iOS4 doesn't suck on the 3G if you do a clean wipe of the OS before moving to 4. This has been a known issue for some time now. Wipe your 3G, then move to iOS4. I know plenty of folks running iOS4 on their 3G who absolutely love it. They have no issues with performance or it suck-ing. If you upgraded and already experience performance issues, backup your phone, restore to factory settings, upgrade to iOS4, then restore from backup. Problem solved.

Re:Already an issue.. (0)

Anonymous Coward | more than 4 years ago | (#33227666)

This has to be a joke. The performance issues are clearly due to memory limitations on the 3G and a clean wipe is a (very) short term fix.

Re:Why does the submitter see this as a bad thing? (5, Insightful)

mdwh2 (535323) | more than 4 years ago | (#33227200)

Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).

Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.

Re:Why does the submitter see this as a bad thing? (4, Funny)

Pojut (1027544) | more than 4 years ago | (#33227296)

Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time

They're afraid of being modded down.

Re:Why does the submitter see this as a bad thing? (4, Interesting)

Anonymous Coward | more than 4 years ago | (#33227298)

I thought android phones needed to be "rooted". Double standard much?

Re:Why does the submitter see this as a bad thing? (2, Informative)

cduffy (652) | more than 4 years ago | (#33227446)

I thought android phones needed to be "rooted".

Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.

Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).

Re:Why does the submitter see this as a bad thing? (2, Informative)

Anonymous Coward | more than 4 years ago | (#33227468)

androids don't "need" to be rooted unless your particular phone company disables functionality that you want to use. The most relevant example of this is tethering, most phone companies will only enable it after you agree to pay $xx/month more for the privilege to use functionality your phone has native support for.

That said, I've never owned an iPhone so I don't know what you gain by jailbreaking it.

Re:Why does the submitter see this as a bad thing? (4, Interesting)

delinear (991444) | more than 4 years ago | (#33227478)

Android phones only need to be rooted if you're doing something that requires root access - for everything else running unsigned (i.e. third party, non-market) apps is simply a matter of unchecking a box in the settings, so no, it's not quite the same thing (as you'd know if you had ever tried to send an MP3 via bluetooth from an Android phone to an iPhone, for instance - they both have this ability but only one allows you to do it without rooting the device).

Re:Why does the submitter see this as a bad thing? (1)

rjstanford (69735) | more than 4 years ago | (#33227314)

Be fair - its "advanced" functionality that comes with a modest but non-zero set of additional responsibilities for the user, along with a moderate amount of additional power. If it was truly "basic functionality" then there wouldn't be many millions of people quite successfully and happily using their devices without it.

Re:Why does the submitter see this as a bad thing? (1)

delinear (991444) | more than 4 years ago | (#33227544)

A file browser, the ability to share files via bluetooth or to install whatever software you want are pretty basic these days, computers and even phones have had such functionality for many years (I had a mid-range phone back in 2004/5 that could do all this). People compromise on form over function all the time (that's why supercars lack a lot of the basic amenities of the family run-around, or stiletto heels are cripplingly bad for women to walk on, but people buy them anyway) - it doesn't mean they wouldn't like the function too, given the chance.

Re:Why does the submitter see this as a bad thing? (2, Insightful)

dogmatixpsych (786818) | more than 4 years ago | (#33227496)

"Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality."

If you think jailbreaking is necessary to enable "basic functionality" on an iPhone, I'd love to see what your definition of basic functionality is. I think you meant to write "advanced and technical functionality that relatively few people really need [want]." While I don't have an iPhone, I have an iPod Touch that I use constantly for school, work, and fun. After jailbreaking it to see what the hype was about, I quickly reverted to normal because for me jailbreaking interfered with the functionality of my iPod. Frankly, many (not all) people jailbreak for access to pirated apps. I know that's stereotyping a bit but it is the case for many people.

Re:Why does the submitter see this as a bad thing? (-1, Troll)

mdwh2 (535323) | more than 4 years ago | (#33227588)

By basic functionality, I mean things like tethering, which just worked on my five year old dirt cheap feature phone that I threw away in the trash six months ago - at one time that required jailbreaking on the Iphone, not sure if that's the case with the latest version. Or running unapproved apps, which works on major platforms like Symbian and Android with just a simple option change.

It's a sad day in computing if being able to run applications on your own device that haven't been approved by the one company is seen as "advanced functionality". That's exactly the sort of worrying mentality that platforms like the Iphone are leading us.

I never made any claims as to how many people might need these; just the fact that these were basic, in terms of being available on older, and more basic (in terms of hardware specs), phones. But if you do want to talk in terms of what consumers want, the fact that Nokia sell around twice as many phones per quarter than Apple have ever sold says it all in terms of providing what customers want.

Re:Why does the submitter see this as a bad thing? (3, Insightful)

tooyoung (853621) | more than 4 years ago | (#33227656)

You do realize that the iPhone does tethering, but AT&T charges $20 to enable it? That is a carrier restriction, not an Apple restriction.

Re:Why does the submitter see this as a bad thing? (1)

CharlyFoxtrot (1607527) | more than 4 years ago | (#33227510)

Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).

This is Apple news, it's always a cause for whining. Jailbreak ? OMG HAX, it's the end the world! Security update ? OMG, evil Apple want to stop users taking control of their device.

Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality.

This is bullshit, basic functionality ? You gain the ability to run unsigned, unapproved software. A locked iPhone will do the same as any locked smartphone.

But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits

The media praise Apple all the time ? This is bullshit on the same order as the "liberal media." It's confirmation bias: you get annoyed by stories that you perceive as pro-Apple and consequently see them everywhere.

or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.

Don't know about the others but Android phones need to be jailbroken to gain full control, they just call it being "rooted" [smarterware.org] . In fact Google recently pulled an app [androidcentral.com] that would root your phone from their store (oh the irony!).
Android phones get plenty of coverage btw, they just don't specifically talk about the OS as much which you would expect it being a phone.

Re:Why does the submitter see this as a bad thing? (3, Insightful)

jo_ham (604554) | more than 4 years ago | (#33227562)

What basic functionality?

Tethering? The phone already does that, without jailbreaking. Installing non-app store apps? I wouldn't call that basic - the phone is just not designed and promoted to work that way (ie, if you want to do other things with it, you're moving away from 'basic' and into 'unsupported, potentially advanced' functions).

The biggest reason I've seen for jailbreaking my phone (although I haven't done so) is to enable use of the phone as an AP, rather than having to tether to my Powerbook and then share my wifit that way, but the number of times I've needed to share my connection when there's been nothing but 3G access is limited. Either way, that's hardly basic functionality.

I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.

I agree that this exploit has been spun the wrong way - as a positive thing to enable easy jailbreaking. Any security hole is never a positive thing, regardless of the beneficial things you can do with it. I'm glad it has been addressed, although I am hoping it will also be fixed for users of 2G and 3G iPhones who haven;t upgraded to iOS4.

Why the media doesn't dig deep on the iPhone (2, Insightful)

atdt1991 (1069776) | more than 4 years ago | (#33227620)

But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.

With the exception of right wing political media that get together for weekly talking points, "The Media" doesn't collude together for a common focus. Most reporters know next-to-nothing about the beat they cover unless it is a personal passion, and expecting them to dig deep is incredibly naive, especially in a time like today when a skeleton crew covers virtually everything.

You have people like Engadget saying "hooray, we can root our iPhones!" and you have people like CNet saying "iPhones are hot shit!", and then you have every tiny tech beat for every newspaper in the country creating stories from that and the massive wave of popularity Apple has garnered. I'd love to see more non-specialty reporting on the history of locking down devices, but you'll have to wait for someone like Wired (who, despite their flaws, is a news hybrid) to try to cross that bridge first.

Re:Why does the submitter see this as a bad thing? (4, Insightful)

beelsebob (529313) | more than 4 years ago | (#33227290)

It's amazing that slashdot can spin this as anything other than a good thing. Bottom line – the phone had a serious security vulnerability that allowed people to brick/use the phone for various nefarious tasks. Apple fixed it, spinning this as anything other than an important bug fix is downright irresponsible.

Re:Why does the submitter see this as a bad thing? (1)

erroneus (253617) | more than 4 years ago | (#33227394)

Where is the "Obvious" mod thing when you need it? I think it was pretty clear and obvious that any exploit that originates from outside needs to be patched and fast. That was the first thing I thought when the jailbreak web page was announced.

Here's what gets me though -- it really took a frightening amount of time for that one to get patched and released. I expected a week or less and it was longer than expected. But I have to say that this puts Apple's OS at least on par with Windows and, quite frankly, I suspect it is far worse.

Re:Why does the submitter see this as a bad thing? (1)

delinear (991444) | more than 4 years ago | (#33227604)

The exploit didn't originate from outside, the exploit is a flaw in the OS - unless you just mean an exploit in the OS which was actively being targetted by users from outside (it's worth clarifying as there was a lot of assumption in the beginning that this was somehow Adobe's fault since it was the PDF renderer).

Re:Why does the submitter see this as a bad thing? (1)

Jurily (900488) | more than 4 years ago | (#33227658)

Imagine having your phone bricked because you viewed the wrong PDF on some website.

Imagine a world where you don't have to break into your own device.

No update for older iPhone and iPod Touch... (4, Insightful)

AmazinglySmooth (1668735) | more than 4 years ago | (#33227058)

I appreciate jailbreaking, but security is more important. What about older devices? Maybe McAfee or Symantec will have a solution.

Re:No update for older iPhone and iPod Touch... (2, Interesting)

marcansoft (727665) | more than 4 years ago | (#33227160)

The evil "jailbreak vendors who say you shouldn't upgrade" (term used by F-Secure) have stated that they will be releasing a fix for the exploit on the iPod Touch 1G and the iPhone 2G. Ironically, this means that all owners of such devices MUST now jailbreak unless they want to be vulnerable to this exploit forever.

McAfee? Symantec? You seriously expect them to do something useful instead of whining about how Apple doesn't let them write software to hog down your phones even more?

Re:No update for older iPhone and iPod Touch... (4, Interesting)

marcansoft (727665) | more than 4 years ago | (#33227336)

Yup, already out for testing [iphone-dev.org] .

Thu Aug 12 15:20:25 unknown MobileSafari[421] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/PDFPatch_CVE-2010-1797.dylib
[...]
Thu Aug 12 15:20:56 unknown MobileSafari[421] : Prevented PDF Exploit
Thu Aug 12 15:20:56 unknown MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.
Thu Aug 12 15:20:56 unknown UIKitApplication:com.apple.mobilesafari[0xc4c][421] : Thu Aug 12 15:20:56 iphone MobileSafari[421] : FT_Load_Glyph failed: glyph 1: error 130.

And suddenly jailbreaking is the smart security option for all the users that Apple left behind.

Re:No update for older iPhone and iPod Touch... (4, Insightful)

Pojut (1027544) | more than 4 years ago | (#33227198)

Maybe McAfee or Symantec will have a solution.

nah, I think the vulnerability is bad enough...you're not hoping it would get WORSE, do you?

Re:No update for older iPhone and iPod Touch... (1)

poolecl (170874) | more than 4 years ago | (#33227206)

No, but the Jailbreakers do!

From iPhone dev team:
iphone_dev: Fixing what Apple won't: http://is.gd/eee9Q ... PDF holes fixed for all devices, not just most recent ones

Re:No update for older iPhone and iPod Touch... (1)

antifoidulus (807088) | more than 4 years ago | (#33227498)

Unfortunately 2 years after the last date of sale seems to be the absolute maximum Apple is willing to actually support their products. iPhone 3g was released in July of 08 and about 2 years later Apple stopped supporting it leaving it vulnerable, ditto for Tiger, Leopard went on sale in late 07 and the last Tiger security update(ignoring Safari updates) was September of 09. If Apple wants to be taken more seriously in the corporate environment they MUST be willing to support their products for at least 3 years after the new version comes out.....

Cellphones. (3, Insightful)

Anonymous Coward | more than 4 years ago | (#33227062)

There are a million of them. Why not buy one you don't have to jailbreak?

Bet it'd be cheaper too.

Re:Cellphones. (0)

Anonymous Coward | more than 4 years ago | (#33227300)

There are a million of them. Why not buy one you don't have to jailbreak?

Bet it'd be cheaper too.

Because there's other things they like about the iPhone, like the fact that every one of those million cellphones you mentioned sucked before it was introduced?

Re:Cellphones. (4, Insightful)

MightyYar (622222) | more than 4 years ago | (#33227306)

I can think of a few reasons:

  • All of your friends have iPhones and you feel the need to have one as well.
  • You need to feel like you are part of an "in" crowd.
  • You genuinely like the hardware but want to load new software on the device.
  • You genuinely like the hardware AND software but want to run a forbidden application.
  • It works with your car/stereo/home automation system and you have no choice short of losing that functionality.

There are probably many other reasons. Personally I do not have any kind of smartphone - they are all too big for me. But I do have an iPod touch, and the software is very slick - though strangely it is not a great MP3 player :)

Re:Cellphones. (0)

Anonymous Coward | more than 4 years ago | (#33227462)

It can also be somewhat difficult to actually get a non-restricted phone, depending on region. Not so much a problem over here, but in the US many networks restrict what models will will permit to connect. They don't like phones that can run things like VoIP software or p2p clients - the former deprives them of the lucrative voice traffic, which costs a lot more per-byte than IP, and the latter requires a lot of network capacity.

Re:Cellphones. (1)

sweatyboatman (457800) | more than 4 years ago | (#33227402)

I can think of one reason [slashdot.org] .

(kidding)

Re:Cellphones. (0)

Anonymous Coward | more than 4 years ago | (#33227596)

That's all well and good, but what if you are not gay?

Bummer (4, Funny)

Codename Dutchess (1782238) | more than 4 years ago | (#33227066)

Now we're going to have to wait a week before another exploit is released publicly. Shucks.

In their defense... (2, Insightful)

Anonymous Coward | more than 4 years ago | (#33227068)

...while the exploit is only used (that we know of) for the jailbreak at this point, it could potentially be used for much worse...to wait for the next more substantial update to patch the exploit would be careless on Apple's part.

Re:In their defense... (1)

Abstrackt (609015) | more than 4 years ago | (#33227226)

...while the exploit is only used (that we know of) for the jailbreak at this point, it could potentially be used for much worse...to wait for the next more substantial update to patch the exploit would be careless on Apple's part.

If the good guys know about an exploit the bad guys have probably been exploiting it for a while. I miss the good old days when a virus just meant your hard drive was hosed.

Why does the commenter feel being a Fanboi is good (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33227072)

This is where all the Fanboi's tell us that this is good because Apples says so, but it would be evil if Microsoft said it.

Please, at least tell me you own stock? Then at least there would be some logic to your position.

Oh for shame! (4, Funny)

bbtom (581232) | more than 4 years ago | (#33227102)

We have to go back to jailbreaking the old fashioned way with a computer and a USB cable - it'll take ten minutes rather than five now and require you to RTFM. And all because Apple wants to fix a gaping security hole. DAMN THEE DRACONIAN STEVE JOBS!!1!

Re:Oh for shame! (1)

marcansoft (727665) | more than 4 years ago | (#33227176)

You do realize that this is currently the only way to jailbreak on an iPhone 4 and newer iPhone 3GS, right? Unless you have SHSHs on file and can therefore downgrade to 4.0.1 (and subsequently use jailbreakme), you're stuck without a jailbreak for now.

Re:Oh for shame! (1)

Zuzzy (124703) | more than 4 years ago | (#33227222)

AFAIK comex's jailbreak isn't patched, just the delivery method used on his web site

Re:Oh for shame! (1)

marcansoft (727665) | more than 4 years ago | (#33227320)

They patched both the kernel vulnerability and the PDF exploit, so yes, it's patched for good. Even if they only patched the PDF exploit, there's no other way to deliver the jailbreak to a 3GS or 4 anyway. You need both a way to run userland code on the phone and an exploit to get into the kernel.

Security Holes & Closed Platforms (3, Interesting)

grimsweep (578372) | more than 4 years ago | (#33227106)

I am curious as to how much longer we will go until the next security hole isn't used so benevolently.

Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.

Re:Security Holes & Closed Platforms (0)

Anonymous Coward | more than 4 years ago | (#33227362)

You can have that today. Dude, you're getting a Dell!

no mister Bond, I expect you to file chapter 11! (1)

Thud457 (234763) | more than 4 years ago | (#33227654)

for a small bribe of an ox and six chickens, you too can cause a multi-billion dollar company's stock to blip down and make a killing in the market!

That has something to say about our society's priorities, and I don't think any of it is good.

Re:Security Holes & Closed Platforms (1)

CharlyFoxtrot (1607527) | more than 4 years ago | (#33227602)

I am curious as to how much longer we will go until the next security hole isn't used so benevolently.

Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.

You mean like the recent Android SMS trojan [slashdot.org] ? We're actually pretty lucky to have guys like the dev-team around hunting for bugs. Keeps Apple on their toes and the found vulnerabilities get patched.

Re:Security Holes & Closed Platforms (0)

Anonymous Coward | more than 4 years ago | (#33227612)

I am curious as to how much longer we will go until the next security hole isn't used so benevolently.

Let's think about this for a moment. The only known iPhone viruses/worms/trojans affect jailbroken phones and could only get on your phone because jailbreaking enabled ssh and Apple uses a known default password. Change the password, block the virus. OTOH, I know of at least two viruses/worms/trojans on Android that masqueraded as downloadable applications and were installed by hundreds (or was it thousands) of users. I'll take the closed platform, thank you very much.

Sorry, no references, but all of these cases were well documented on Slashdot.

iPhone is slave-pod rubbish anyway (0, Redundant)

Marcion (876801) | more than 4 years ago | (#33227128)

Why buy a device that you cannot control? If I buy a device I expect to be root by default, not to have to jailbreak through some random PDF exploit. iPhone turns its users into digital serfs.

Re:iPhone is slave-pod rubbish anyway (2, Insightful)

tepples (727027) | more than 4 years ago | (#33227178)

Why buy a device that you cannot control?

Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPhones in that they need to be jailbroken to run anything interesting [wiibrew.org] .

Re:iPhone is slave-pod rubbish anyway (1)

Marcion (876801) | more than 4 years ago | (#33227258)

What about the GamePark holdings' handhelds? They run lots of cool stuff.

Re:iPhone is slave-pod rubbish anyway (1)

tepples (727027) | more than 4 years ago | (#33227368)

What about the GamePark holdings' handhelds? They run lots of cool stuff.

I saw zero ads in TV or print for the GP2X or GP2X Wiz. Is there anything that A. runs lots of cool stuff, B. is marketed to the general public in the United States, and C. isn't tied to a $1,500 cell phone plan? As far as I can tell, it's pick any two: iPod Touch is B and C, GP2X is A and C, and Android phones are A and B.

Re:iPhone is slave-pod rubbish anyway (0)

causality (777677) | more than 4 years ago | (#33227280)

Why buy a device that you cannot control?

Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPhones in that they need to be jailbroken to run anything interesting [wiibrew.org] .

Unlike smartphones, gaming consoles don't usually know your phone number, your contacts, your e-mail, or have photos and videos of you and people you know in real life. It's a bit more important to have control over a device that holds all of that information than it is to control a device that has the sole purpose of playing video games. That's why there is much more such debate over one class of device (smartphones) and far less over another class of device (game consoles) in case you were wondering.

Re:iPhone is slave-pod rubbish anyway (1)

tepples (727027) | more than 4 years ago | (#33227340)

gaming consoles don't usually know your phone number, your contacts, your e-mail

Your Xbox 360 console knows all these if you routinely use Xbox Live Gold. Your Live account is associated with an e-mail address, and Gold subscribers have Skype and a list of gaming contacts. Even a Wii console knows your contacts' Wii Numbers.

a device that has the sole purpose of playing video games.

What sole purpose? Look at U.S. PS3 commercials that claim the console only does everything [playstation.com] . Besides, it wouldn't be as much of a sole purpose if the platform were more open. For example, once the Nintendo DS got reliably cracked, a media player called MoonShell and a basic PIM called DSOrganize popped up.

Re:iPhone is slave-pod rubbish anyway (1)

Nursie (632944) | more than 4 years ago | (#33227576)

"Because you can't control the close substitutes that are being sold either."

N900.

FOSS phone with nokia reliability, root access and software available from debian-like repositories with a nice GUI. WIN.

(OK, it's not as slim or pretty as an iPhone, but it rocks in terms or functionality)

Re:iPhone is slave-pod rubbish anyway (0, Troll)

Combatso (1793216) | more than 4 years ago | (#33227218)

Why buy a device that you cannot control?

AH HA!! What an original point! Mod parent UP! Slashdot should just have a script that writes comments like this when it sees 'Apple' or 'Jailbreak' in the summary.. actually, this comment usually shows up in every thread on every article... Maybe it should be subtext on every summary..

Re:iPhone is slave-pod rubbish anyway (1)

Marcion (876801) | more than 4 years ago | (#33227272)

I still it is an important question. Despite your cynicism.

[Why not have a script that just cynically comments 'I am so clever I have seen it all before' on every article.]

Re:iPhone is slave-pod rubbish anyway (1)

Combatso (1793216) | more than 4 years ago | (#33227344)

you really think it is an important question? You don't think it has been answered over and over and over again.. Many people, nerd and geeks included, even those 'informed' buyers have compared competitors devices and like the Apple product. If YOU don't, that is fine... move on.. Or maybe start a blog about how much you hate Apple... I dunno, or keep trolling slashdot... Actually, I take it all back, keep trolling Slashdot, it's easier to ignore you here. Lest you be 'that guy' who hangs out at the big box stores spouting your opinion to anyone who will listen.

Re:iPhone is slave-pod rubbish anyway (1)

ErikZ (55491) | more than 4 years ago | (#33227444)

Cry me a river, try being a Kindle advocate.

Hey, did you know you can backup your Kindle downloads to your computer? YES REALLY. Every fricken time.

And that's just one of many constant misconceptions.

The best part (4, Informative)

Halo1 (136547) | more than 4 years ago | (#33227148)

Apple has not released the fix for the iPod Touch 1G and the iPhone 2G, so the iPhone Dev Team themselves are working on a fix [iphone-dev.org] that will work on all devices. So you'll be able to basically jailbreak and then plug the hole that was used to do it.

Performance fix? (1)

Vectormatic (1759674) | more than 4 years ago | (#33227208)

So this doesnt address the performance issues many ipod-touch/3g owners have been experiencing?

Re:Performance fix? (0)

Anonymous Coward | more than 4 years ago | (#33227488)

No, it doesn't. It only closes the exploit. Reports from the beta are that the next major release, 4.1, has made the older units much more responsive.

Re:Performance fix? (1)

CharlyFoxtrot (1607527) | more than 4 years ago | (#33227646)

Fix is supposedly coming in iOS 4.1 though I've heard resetting network settings to factory default and doing a hard reboot helps in some cases.

It doesn't help the passwords are well known (2, Interesting)

Zuzzy (124703) | more than 4 years ago | (#33227210)

I still am amazed that Apple releases the iPhone code with simple, easy to discover passwords that are the same across every device. That is UNIX rule 101 - "protect root". Knowing the password means that if you can execute arbitrary code on the iPhone via any means, you can su to root and break out of the user space security protection. User priviledge controls have been the basis of UNIX security for as long as UNIX has been around (as it has been for most OSs to more or less a degree)

If the iPhone had random root passwords on each device, and used certificates to trust iTunes, the risk of a driveby attack doing permanent (ie surviving reboot) damage must be lower? Or have I missed something obvious here?

Re:It doesn't help the passwords are well known (2, Informative)

marcansoft (727665) | more than 4 years ago | (#33227408)

You can't su to root. There is no su on a stock iPhone. The privilege escalation from the PDF exploit was accomplished using a kernel vulnerability, not su.

The passwords mean nothing until you jailbreak and actually put a reasonable UNIX userland on the phone.

Jailbreaking vs. SIM lock (4, Insightful)

Kumiorava (95318) | more than 4 years ago | (#33227260)

I wouldn't be jailbreaking my iPhone if there was a way to remove SIM lock. Right now Apple & AT&T has forced me into a situation where AT&T won't provide unlock code (asks to go some unlock shop and pay for the unlock) and Apple doesn't really care. Only option is to jailbreak to get blacksn0w running.

If Steve/government (in many countries in Europe it is mandated that after contract period unlock key is given) would force AT&T to provide unlock codes for everyone out of contract then most of the jailbreaking business would go away.

Re:Jailbreaking vs. SIM lock (0)

Anonymous Coward | more than 4 years ago | (#33227632)

I don't think so. My iPhone is factory unlocked (had to pay through the nose for it too). But I still feel I need to jailbreak. For "unauthorized" apps, for crippled functionality like tethering.

Really, I never had a phone before where tethering functionality was switched off, even on really cheap/common ones. Bluetooth DUN or PAN always used to work. Now it feels like Apple is importing some idiosyncratic elements from the US cellphone market into the EU market that didn't have those problems before.

The issue is a bit overblown (2)

static416 (1002522) | more than 4 years ago | (#33227276)

1. These sorts of exploits are found for every device all the time. This one was just famous because people used it to get root access to their own phone.

2. @comex et al are not immediately irresponsible and evil for exploiting and exposing a vulnerability. Isn't that what DEFCON and BlackHat devote entire conventions to?

3. If Apple just provided a safe way to get root access to your own device (like every other computer you've ever purchased) people wouldn't have to resort to using security holes.

4. With the the 2G iPhone and iPod Touch now unpatched by Apple, the only way to secure them is to jailbreak them and install the Cydia patch that is now available. Ironic.

That's all it does? (1)

Lester67 (218549) | more than 4 years ago | (#33227318)

And yet the activesync lock-up remains....

Article Title should be fixed... (1)

Sylak (1611137) | more than 4 years ago | (#33227412)

article title should be fixed to "Apple sends out update to fix PDF Vulnerability" ;)

lol "outing" lol (0, Offtopic)

ThrowAwaySociety (1351793) | more than 4 years ago | (#33227480)

article title should be fixed to "Apple sends out update to fix PDF Vulnerability" ;)

No, see, Apple users are all gay!

Which is funny, for some reason, because sexual orientations are funny. So...outing.... ...gay.... ...funny mod please?

Re:Article Title should be fixed... (1)

Duradin (1261418) | more than 4 years ago | (#33227550)

Taco hasn't trolled Apple in a few days. This one is fairly obvious and uninspired, so let it slide.

Article misleading? (1)

jbarr (2233) | more than 4 years ago | (#33227476)

Doesn't this update just patch the PDF exploit and not the other methodologies used by Dev-Team to jailbreak? And wasn't the PDF exploit developed by someone not on the Dev-Team? I'll gladly stand corrected if this is not true, but I thought I read this somewhere.

Any bug fixes coming? (2, Insightful)

zerofoo (262795) | more than 4 years ago | (#33227512)

Apple,

4.0.1 is far from perfect - how about addressing a few of the following bugs before worrying about jailbreakers:

- Poor Bluetooth compatibility. Accessories that worked under iOS3 are flaky (or do not work at all) in iOS4. Lots of BT functions are broken - phone book transfer - switching between audio and handsfree results in no audio, frequent BT disconnects...etc.
- Occasionally upgrades to 4.0.1 result in poor battery life and excessive operating heat from the device (I have seen this on at least 5 phones). Wiping the device and restoring the phone fixes the issue (in every case so far) - so it's an upgrade problem
- Pathetic performance on the 3G model. Either make the performance better or exclude the device from further upgrades.
- Poor radio performance. I have heard a few complaints from my users that cellular radio performance is worse after the iOS4 upgrade. Phones frequently fail-over to Edge when 3G is available on other devices.

Trading a stable phone for multitasking was not what we wanted when our users upgraded to iOS4.

-ted

Why Android will win (-1, Troll)

HangingChad (677530) | more than 4 years ago | (#33227532)

plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4...

The harder Apple fights to lock the phones the more it will push developers and power users to Android.

Although we've seen plenty of examples that the more open platform doesn't always win, in this case the open platform also has big time corporate backing and service. Android is a viable alternative to iPhone, for many people the superior alternative.

Apple has been pursuing the walled kingdom strategy for so long, I don't think they even consider other models. There's no compromise. Apple's way or the Java highway.

Have Your Cake and Eat it Too (0)

Anonymous Coward | more than 4 years ago | (#33227558)

If you're already jail broken (perhaps using the PDF Notifier app to give you at least the semblance of protection from this hole) there is no need to give up your jailbreak. Saurik has now released a patch that fixes the PDF vulnerability on Cydia. So have your jailbreak and be safe from rogue PDF files.

Patch for JB iPhones (1)

remmons (601226) | more than 4 years ago | (#33227568)

Jailbroken iPhones can patch the vulnerability by installing PDF Patch (CVE-2010-1797) that was released by saurik this morning.

actually... (1)

smash (1351) | more than 4 years ago | (#33227614)

... it is "Apple plugs iDevice security hole" but that isn't so catchy with the anti-apple drones on here.

the hole plugged that stops some jailbreak from working could be exploited via malicious guys on the net to own your device via a hosted PDF. which isn't cool.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>