Jailbreak artists exploit unpatched Apple iPhone, iPad bugs
But also provide patch to fix flaws, which Apple will probably do soon, says expert
Computerworld - Developers today said they used a pair of unpatched vulnerabilities in Apple's iOS to "jailbreak" the iPhone and iPad, including the first-ever hack of the iPad 2.
Some security experts immediately said the unfixed flaw -- and the fact it's essentially been released into the wild for miscreants to exploit -- posed a danger to iPhone and iPad owners.
"If they exploited the same vulnerability in a copy-cat maneuver, cybercriminals could create booby-trapped webpages that could -- if visited by an unsuspecting iPhone, iPod Touch or iPad owner -- run code on visiting devices," warned Graham Cluley, a senior technology consultant with U.K.-based Sophos, in a blog post.
To jailbreak an iOS device, users must visit the JailbreakMe website with an iPhone, iPad or iPod Touch running the current version of iOS, then install JailbreakMe 3.0.
The hack was released by a team led by someone identified only as "comex," and is the latest in a string of exploits that have circumvented Apple's App Store-only model, including one issued by the same group last August, just weeks after Apple rolled out iOS 4.
Ten days after JailbreakMe 2.0's 2010 debut, Apple patched the two vulnerabilities used by comex.
Charlie Miller, the only person to win prizes four years running at the Pwn2Own hacking contest, and a principal research consultant for Denver-based Accuvant, said it was likely Apple would react quickly to the newest jailbreak.
"This one is a remote code executable vulnerability," said Miller of one of the two bugs exploited by JailbreakMe 3.0. "Apple will probably patch this in a couple of weeks at the most."
Like Cluley, Miller was concerned by the bugs and exploits. "They're certainly a threat, and would be easy to make malicious," he said.
Miller also noted that because comex released a patch for the vulnerabilities at the same time as JailbreakMe 3.0, the situation wasn't serious. "For anyone worried about security, they can jailbreak their iPhone and then apply the patch," Miller said.
Comex published the fix, dubbed "PDF Patcher 2," on the Cydia app store, a popular site for downloading applications that run only on jailbroken iOS devices.
"Due to the nature of iOS, this patch can only be installed on a jailbroken device," said comex in a short FAQ on JailbreakMe. "Until Apple releases an update, jailbreaking will ironically be the best way to remain secure."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Three Best Practices to Help Government Agencies Overcome BYOD Challenges This paper highlightschallenges facing government IT in a BYOD environment and discusses strategies for network preparation, ongoing support, and securing information to enable...
- Review: Box beats Dropbox - and all the rest - for business Box trumps Dropbox, Engyte, Citrix ShareFile, EMC Syncplicity, and OwnCloud with rich mix of file sync, file sharing, user management, deep reporting and...
- Analyst Report-Mixed All Flash Arrays Delivers Safer Higher Performance What is the impact of an all-flash array with enterprise features and reliability on the mainstream data center? In the mainstream environment, storage...
- Embracing Flash Storage Exec Brief Flash storage can deliver impressive performance, especially for random I/O, by eliminating rotational and seek latencies that are common in all hard disk...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Macintosh White Papers |