Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Hackers patch PDF exploit on older, jailbroken iOS devices

Apple has not released a patch for a PDF exploit that affects older iPhones and iPod touches, but ironically hackers who have used the security flaw to "jailbreak" iOS devices have delivered their own fix.

Earlier this week, Apple released iOS 4.0.2 for the iPhone 3G, iPhone 3GS, iPhone 4, and second- and third-generation iPod touch models, addressing a dangerous security flaw that could allow a hacker to take remote control of a device. It also released iOS 3.2.2, packing the same fix the iPad and iPad 3G.

But users of the first-generation iPhone and iPod touch do not have access to an official software update from Apple that will fix the PDF exploit. For them, the latest compatible version of iOS is 3.1.3.

A hacker who goes by the handle "Saurik," who also maintains the alternative storefront Cydia, released a PDF patch this week that addresses the exploit for all devices and all firmware versions, dating back to iOS 2.x.

"Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as it’s out," the iPhone Dev-Team wrote on its official blog. "Jailbreakers can have their cake and eat it too."

Ironically, those same hackers relied on the very same exploit to create a browser-based jailbreak for iOS devices, including the iPhone and iPad.

Jailbreaking allows users to run software not approved by Apple, which has no plans to allow users to install third-party applications downloaded from outside its sanctioned App Store. Hackers have created their own custom applications — many free, and some for purchase from an alternative storefront known as Cydia.

Though it can void Apple's product warranty, the process is legal, as the U.S. Library of Congress officially declared last month. The government approved the measure as an exemption to a federal law which prevents the circumvention of technical measures that keep users from accessing and modifying copyrighted works.

Jailbreaking also allows users to pirate App Store software, one reason Apple has been opposed to the practice.



27 Comments

damn_its_hot 15 Years · 1213 comments

Interesting - I assume they want to close the door behind themselves (i.e., jailbreak then patch).

pmz 15 Years · 3429 comments

My only question is, if you're jailbroken and install this patch, and need to restore and rejailbreak your phone, will you have a problem? I guess the answer is no, as long as you manage to restore to 4.0.1.

blackintosh 14 Years · 479 comments

Goes to show you where Apple's head is at these days. No fix for the antenna, no fix for the proximity sensor, no fix for the 3G that has been hobbled by iOS4. But they couldn't wait to get out a fix to keep you from jailbreaking.

All they care about is keeping you in that walled garden. And you love it don't you guys??

exscape 16 Years · 26 comments

Quote:
Originally Posted by pmz

My only question is, if you're jailbroken and install this patch, and need to restore and rejailbreak your phone, will you have a problem? I guess the answer is no, as long as you manage to restore to 4.0.1.

I just checked, and it's a mobilesubstrate add-on, so it should be gone after a restore, making a re-jailbreak possible.

wurm5150 14 Years · 763 comments

Quote:
Originally Posted by Blackintosh

Goes to show you where Apple's head is at these days. No fix for the antenna, no fix for the proximity sensor, no fix for the 3G that has been hobbled by iOS4. But they couldn't wait to get out a fix to keep you from jailbreaking.

All they care about is keeping you in that walled garden. And you love it don't you guys??

Hello!? It's a serious security flaw for non-jailbreakers. You know the regular people. In fact for everyone. The flaw could be used to do much more serious issue than just jailbreaking. Had Too much anti-Apple koolaid today?

It wasn't fixed to stop jailbreakers. I sure as hell don't want my phone compromised coz of a dirty PDF file.