backtop


Print 27 comment(s) - last by robinthakur.. on Jul 20 at 8:21 AM


  (Source: Pinoy Tutorial)

The new update conveniently blocks the only route of jailbreaking to the iPad 2.
OS update also closes a significant security hole

Jailbreaking phones -- removing operating system makers' restrictions on things like OS themes and allowed programs -- is today technically legal under Library of Congress amendments to the Digital Millennium Copyright Act [PDF] (DMCA).  But just because it's legal to jailbreak, doesn't mean Apple, Inc. (AAPL) will allow it.

Apple argued unsuccessfully to the U.S. government that jailbreaking could allow terrorists to turn their iPhones into digital weapons, and could assist drug dealers.  Apple refuses to give users an open path to jailbreaking their phones, so users are forced to discover exploits that allow unauthorized code to be run.  This is very convenient for Apple as it can justify closing the jailbreak route as a "security fix".

Thus is the case with iOS 4.3.4.  The updates' only real action is to fix the mishandling of fonts in PDF files, which previously allowed for jailbreaking -- or malicious code execution.

Users can find the update here, for various devices: The update is significant as it cripples JailbreakMe 3.0, currently the only way to jailbreak Apple's new iPad 2 tablet. Jailbreaks are generally divided into boot-related jailbreaks and injection jailbreaks.  Thus far no boot-level jailbreaks work on the iPad 2, due to its new A5 dual-core CPU.  And the only injection-based jailbreaks currently in action relied on the PDF exploit.

The original iPad and present iPhone lineup is still jailbreakable via boot-level jailbreaks, such as redsn0w, PwnageTool and sn0wbreeze.  There's little Apple can do to prevent these jailbreak routes, much to chief executive Steven P. Jobs chagrin.  Mr. Jobs has expressed a strong dislike for jailbreakers in past interviews.

While Apple can claim the recent update was to "protect" users, in reality it will only add additional safety to the most careless of users.  After all, a program called "PDF Patcher 2" was widely available via the Cydia app store and other sources.  The PDF Patcher 2 does pretty much the exact same thing as iOS 4.3.4, but does so after the user has jailbroken.  

It is presumable that most users who are knowledgeable enough to jailbreak in the first place would properly protect their phones against malicious code by adding the patch post-jailbreak, especially since the JailbreakMe FAQ instructs the user to do so.

So it looks like Apple has won this round.  One of its devices is yet again unjailbreakable -- at least for now.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: It's futile to try and stop jailbreakers
By bah12 on 7/18/2011 2:11:56 PM , Rating: 1
quote:
It's seriously a waste of time for Apple to try and stop jailbreakers.
I don't entirely agree. Certainly I think that anything can be hacked eventually, but in a completely closed hardware/software environment it should be technically possible to make the device hack proof (or at the very least highly hack resistant).

Look at where we are today. Boot level access is by far the preferred way to jailbreak, but Apple has proven that with the A5 this is no longer a viable route. Jailbreaks since then are being done as software exploits. In an app based environment like iOS resides in, eventually these holes can be patched as well.

Again I'm not saying that they can ever make it 100% hack proof, but they can certainly get close. Assuming they can get 100% secure from the hardware side, and 100% secure from the app store side, and 100% secure from the local programs side. That only leaves exploits via the internet facing side, these too can be closed if Safari wasn't a giant piece of sh..t.

Now all this would take more effort than they are willing to put toward it, but I'd still argue that in a closed system they can make it secure enough that the hackers quit trying. Of course an internet facing device is never really a true closed system, so maybe it isn't possible.

Don't get me wrong I think Apple is still one of the most insecure platforms today, but it has the potential to be one of the better ones. Think of Windows 7 security combined with a tightly controlled app store. IMO the biggest obstacle to security is the user, if they physically cannot install crap that isn't pre-certified virus free (aka an app store), they will still get viruses. All it takes is a clever pop up and Joe Bob User will just keep hitting yes to install no matter how many UAC messages you give him. After all he just won a new car!!!


RE: It's futile to try and stop jailbreakers
By omnicronx on 7/18/2011 3:47:44 PM , Rating: 2
quote:
Boot level access is by far the preferred way to jailbreak, but Apple has proven that with the A5 this is no longer a viable route.
No such thing have been proven, Apple just changed the bootrom on the A5 SoC and thus has yet to be cracked. The A5 bootrom was dumped recently, so I doubt they will be able to keep jailbreakers out for long.

I find it hilarious that people continue to believe the myth that something can be 100% hack proof, especially in terms of a device that said hackers have physical access too.


By bah12 on 7/18/2011 5:57:22 PM , Rating: 2
quote:
I find it hilarious that people continue to believe the myth that something can be 100% hack proof, especially in terms of a device that said hackers have physical access too.
As stated I don't think anything can be hack proof, just that a closed system like iOS would be the closest thing we can hope for. I liken it to putting cameras up at your house. A determined crook will break in anyway regardless of your security, what you hope for is that they see them and hit your neighbors house instead.

Certainly with enough physical access to a device anything can be hacked, but what business model holds the best hope that they will move on down the line?


By robinthakur on 7/20/2011 8:20:17 AM , Rating: 2
Another big reason for closing these holes is to protect developers and content owners. Jailbreaking does free you up to do anything you want (within reason) on the device but also opens the way to download pirated apps and to rip streamed content from services like iPlayer. This is one reason why Channel 4 in the UK didn't release it's streaming player app on the iPhone I recall but did release it on the iPad! Developers would soon get cheessed off with the iOS platform if their revenues took a bigger dip due to piracy, so Apple is prtecting itself in this sense...


By robinthakur on 7/20/2011 8:21:40 AM , Rating: 2
Another big reason for closing these holes is to protect developers and content owners. Jailbreaking does free you up to do anything you want (within reason) on the device but also opens the way to download pirated apps and to rip streamed content from services like iPlayer. This is one reason why Channel 4 in the UK didn't release it's streaming player app on the iPhone I recall but did release it on the iPad! Developers would soon get cheessed off with the iOS platform if their revenues took a bigger dip due to piracy, so Apple is protecting itself in this sense...


"DailyTech is the best kept secret on the Internet." -- Larry Barber














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki