Slash Lane
Earlier this week, Apple released iOS 4.0.2 for the iPhone 3G, iPhone 3GS, iPhone 4, and second- and third-generation iPod touch models, addressing a dangerous security flaw that could allow a hacker to take remote control of a device. It also released iOS 3.2.2, packing the same fix the iPad and iPad 3G.
But users of the first-generation iPhone and iPod touch do not have access to an official software update from Apple that will fix the PDF exploit. For them, the latest compatible version of iOS is 3.1.3.
A hacker who goes by the handle "Saurik," who also maintains the alternative storefront Cydia, released a PDF patch this week that addresses the exploit for all devices and all firmware versions, dating back to iOS 2.x.
"Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as it’s out," the iPhone Dev-Team wrote on its official blog. "Jailbreakers can have their cake and eat it too."
Ironically, those same hackers relied on the very same exploit to create a browser-based jailbreak for iOS devices, including the iPhone and iPad.
Jailbreaking allows users to run software not approved by Apple, which has no plans to allow users to install third-party applications downloaded from outside its sanctioned App Store. Hackers have created their own custom applications — many free, and some for purchase from an alternative storefront known as Cydia.
Though it can void Apple's product warranty, the process is legal, as the U.S. Library of Congress officially declared last month. The government approved the measure as an exemption to a federal law which prevents the circumvention of technical measures that keep users from accessing and modifying copyrighted works.
Jailbreaking also allows users to pirate App Store software, one reason Apple has been opposed to the practice.
Andrew Orr
Marko Zivkovic
Christine McKee
Malcolm Owen
Amber Neely
27 Comments
Interesting - I assume they want to close the door behind themselves (i.e., jailbreak then patch).
My only question is, if you're jailbroken and install this patch, and need to restore and rejailbreak your phone, will you have a problem? I guess the answer is no, as long as you manage to restore to 4.0.1.
Goes to show you where Apple's head is at these days. No fix for the antenna, no fix for the proximity sensor, no fix for the 3G that has been hobbled by iOS4. But they couldn't wait to get out a fix to keep you from jailbreaking.
All they care about is keeping you in that walled garden. And you love it don't you guys??
My only question is, if you're jailbroken and install this patch, and need to restore and rejailbreak your phone, will you have a problem? I guess the answer is no, as long as you manage to restore to 4.0.1.
I just checked, and it's a mobilesubstrate add-on, so it should be gone after a restore, making a re-jailbreak possible.
Goes to show you where Apple's head is at these days. No fix for the antenna, no fix for the proximity sensor, no fix for the 3G that has been hobbled by iOS4. But they couldn't wait to get out a fix to keep you from jailbreaking.
All they care about is keeping you in that walled garden. And you love it don't you guys??
Hello!? It's a serious security flaw for non-jailbreakers. You know the regular people. In fact for everyone. The flaw could be used to do much more serious issue than just jailbreaking. Had Too much anti-Apple koolaid today?
It wasn't fixed to stop jailbreakers. I sure as hell don't want my phone compromised coz of a dirty PDF file.