iPhone exploit code: ‘Impressive, dangerous’
p2pnet view Security | Mobiles:- “Source code of the jailbreakme exploit released by @comex: http://bit.ly/aXeeLe Impressive. And dangerous.”
So says F-Secure’s Mikko Hypponen on Twitter.
“Apple has fixed a security hole used to get around restrictions on what applications can run on iPhones, iPads, and the iPod Touch”, says the BBC.
Comex, maker of JailbreakMe 2.0, “released code that others could put to use hijacking iPhones, iPod Touches and iPads”, says Computerworld.
The exploits he used to jailbreak the iOS “could be used for other purposes, including delivering malicious payloads to grab control of iPhones, iPads, and iPod Touches”, it says, going all that’d be necessary would be for hackers to dupe users into visiting a malicious Web site, or persuade them to click on a link in an e-mail or text message.
But “Apple did not patch 2007′s first-generation iPhone or iPod Touch yesterday, delivering the update only to the iPhone 3G or later running the iOS 2.0 or later, and to the second-generation iPod Touch or later running iOS 2.1 or later”, says the story, pointing out >>>
Lacking patches, those early models may be vulnerable to attack.
Also possibly at risk: Mac OS X. Like iOS, Apple’s desktop operating system includes the FreeType font engine, which may be vulnerable to the same or a similar exploit.
And users who have used comex’s code to jailbreak their iPhones have a decision to make. If they accept Wednesday’s update, they lose the ability to install and run software not approved by Apple. But by ignoring the update, they may be victimized by future attacks based on the public code.
Security experts “urged everyone, jailbreakers included, to apply the update”, Computerworld says.
… and identi.ca
BBC – Apple issues fixes for ‘drive-by’ attacks, August 12, 2010
Computerworld – Dangerous’ iPhone exploit code goes public, August 12, 2010
August, 2010
Use free p2pnet newsfeeds for your site. It`s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
August 12th, 2010 at 10:08 am
Couple extra details. Once jailbroken you can install a patch via Cydia that fixes the security issue, so there is no need to choose between jailbreaking and secuity. In fact, a similar patch was available in Cydia BEFORE Apple released theirs, so for awhile jailbraking was the only way to patch the hole. And now that Apple has decided not to patch old devices jailbreaking is now officially the only way to ecure your 2G iPhone or iPod Touch. Kind of ironic really.
Of course, if Apple just provided a safe way to get root access to the device you purchased (like every computer you’ve ever bought) people wouldn’t have resort to using security holes.
Sent from my jailbroken iPhone
August 12th, 2010 at 10:52 am
>Of course, if Apple just provided a safe way to get root access to the device you purchased (like every computer you’ve ever bought) people wouldn’t have resort to using security holes.
that would imply that apple willingly gives you any control over the device, c’mon, think of the children, we must hide them from all these boobies and sex, cause none of that happens in the real world, and apple is the blinding beacon of hope in teaching kids that no-one in the world truly uses the f word!
/sarcasm