facebook rss twitter

Apple plugs jailbreak security hole

by Sarah Griffiths on 12 August 2010, 13:10

Tags: Apple (NASDAQ:AAPL)

Quick Link: HEXUS.net/qazjj

Add to My Vault: x


Apple has released a patch to fix the security hole used by a jailbreak app which could stop users running unauthorised apps on their modified iPhones.

The JailbreakMe application took advantage of a vulnerability caused by the way Apple's Safari browser dealt with PDF files, to unlock devices and run apps not approved by the computer giant.

The app was released earlier this month to allow iPhone owners to modify their handsets, although it reportedly messed up certain functions on the new iPhone 4 such as FaceTime.

The practice of jailbreaking itself was declared legal in late July, despite Apple's protests, as the company, which is notoriously strict on the apps it allows in its store, warned users who jailbreak their phone could void its warranty. 

Security pros have reportedly warned the vulnerability leaves users at risk of attack from booby-trapped sites and apps, but so far no attacks have been reported as a result of the security hole. 

While the update will bar the app from working, closing unofficial avenues to phone users, it will also plug the security hole.

Experts have advised iPhone owners to use the latest patch, which should become available when users connect their phone to a computer. 

However, some iPhone owners who love using a jail-broken handset to snap up unauthorised programmes may choose to eschew the update so they can continue to run unofficial apps on their handset.

Graham Cluley, a senior security analyst at Sophos, wrote in his blog: "It remains to be seen, of course, how many iPhone and iPad users decide to install this security patch. Some may be delighting in their newly-jailbroken gadget. However, in my opinion, leaving this security hole open would be a very foolish move. It would be relatively trivial for a malicious hacker to exploit it, and cause a problem on your shiny Apple gear.

Apple said the update is available for iPhone 3G and later models, plus iPod Touch second generations and newer versions.

HEXUS Forums :: 5 Comments

Login with Forum Account

Don't have an account? Register today!
Haha how convenient. I knew the PDF “vulnerability” would be a good excuse for them to stop people jail breaking (now that it's legal in the US!)
Well the vulnerability can be used to exploit other options not just the Jailbreak, so for them it makes sense to plug it. Imagine if it were left and someone else decided to get rough. It could get ugly.

I doubt the Jailbreak team will worry over this though, and concentrate on iOS4.1 when it comes out. For me, I'll just keep my Jailbreak thank you.
I'm updating my iPad to 3.2.2. as I type this (it's a big old download.) Haven't looked at jailbreaking yet but I'll keep it as an option for the future, assuming the clever jailbreaking types keep one step ahead of Apple (which they usually seem to do.)
Cydia are following up with the same security patches on offer from Apple via their repos… Jailbreak, then patch up :)
I've been waiting and seeing on the iOS 4 before checking it out (it's still very new so the novelty-fu is still strong with me.) But I've just read that it's probably not until November.. hmmmm…. ah.. the dilemma… :D