backtop


Print 27 comment(s) - last by robinthakur.. on Jul 20 at 8:21 AM


  (Source: Pinoy Tutorial)

The new update conveniently blocks the only route of jailbreaking to the iPad 2.
OS update also closes a significant security hole

Jailbreaking phones -- removing operating system makers' restrictions on things like OS themes and allowed programs -- is today technically legal under Library of Congress amendments to the Digital Millennium Copyright Act [PDF] (DMCA).  But just because it's legal to jailbreak, doesn't mean Apple, Inc. (AAPL) will allow it.

Apple argued unsuccessfully to the U.S. government that jailbreaking could allow terrorists to turn their iPhones into digital weapons, and could assist drug dealers.  Apple refuses to give users an open path to jailbreaking their phones, so users are forced to discover exploits that allow unauthorized code to be run.  This is very convenient for Apple as it can justify closing the jailbreak route as a "security fix".

Thus is the case with iOS 4.3.4.  The updates' only real action is to fix the mishandling of fonts in PDF files, which previously allowed for jailbreaking -- or malicious code execution.

Users can find the update here, for various devices: The update is significant as it cripples JailbreakMe 3.0, currently the only way to jailbreak Apple's new iPad 2 tablet. Jailbreaks are generally divided into boot-related jailbreaks and injection jailbreaks.  Thus far no boot-level jailbreaks work on the iPad 2, due to its new A5 dual-core CPU.  And the only injection-based jailbreaks currently in action relied on the PDF exploit.

The original iPad and present iPhone lineup is still jailbreakable via boot-level jailbreaks, such as redsn0w, PwnageTool and sn0wbreeze.  There's little Apple can do to prevent these jailbreak routes, much to chief executive Steven P. Jobs chagrin.  Mr. Jobs has expressed a strong dislike for jailbreakers in past interviews.

While Apple can claim the recent update was to "protect" users, in reality it will only add additional safety to the most careless of users.  After all, a program called "PDF Patcher 2" was widely available via the Cydia app store and other sources.  The PDF Patcher 2 does pretty much the exact same thing as iOS 4.3.4, but does so after the user has jailbroken.  

It is presumable that most users who are knowledgeable enough to jailbreak in the first place would properly protect their phones against malicious code by adding the patch post-jailbreak, especially since the JailbreakMe FAQ instructs the user to do so.

So it looks like Apple has won this round.  One of its devices is yet again unjailbreakable -- at least for now.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By Shadowself on 7/18/2011 12:06:31 PM , Rating: 2
In a single word, "Bull!"

The patch has affected several other pieces of software. I personally know of a large company that is busily updating several applications because this patch affects their apps -- including some commercial apps not developed in house -- that have absolutely nothing to do with PDFs.

This iOS update did more than just close the PDF hole. That effect is just the most prominent.




"I mean, if you wanna break down someone's door, why don't you start with AT&T, for God sakes? They make your amazing phone unusable as a phone!" -- Jon Stewart on Apple and the iPhone














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki