Apple iOS 4.3.4 jailbreak bugfix jailbroken already

Most iPhone and iPad users are perfectly happy with the software on the device as it is shipped by Apple.

A minority, however, prefer to open up their devices. By doing this, they can:

* Run applications and extensions not approved by Apple.

* Download software from alternative appstores, without tying those downloads to an Apple account.

* Access all the files and configuration data on their device directly, in order better to understand and secure it.

Liberating your device sounds like a great idea, but this behaviour has been stigmatised amongst corporate users.

Firstly, the action of removing artificial security restrictions is known as "jailbreaking," making it sound like a doubly-dangerous criminal act. (Since only crooks are supposed to be in jail in the first place, jailbreakers are not only criminals, but recidivists to boot.)

Secondly, jailbreaking opens up the less security-savvy user to additional risks. Some jailbreakers don't take on the additional responsibility which goes with the increased power over their device. That's how the now-infamous iPhone viruses Ikee and Duh were able to spread.

Thirdly, jailbreaking isn't supposed to be possible. So every jailbreak relies on you exploiting a software vulnerability to escape from Apple's artificial strictures. That means you have to trust the creators of the jailbreak not to abuse the exploit you're choosing to run against your device.

The flipside, of course, is that those who don't jailbreak their phones are trusting Apple not to leave the sort of exploitable hole that would permit crooks to break into the internals of their device.

And Apple hasn't been terribly trustworthy on that score. Despite a solid commercial reason for keeping its devices secure - namely, that an unjailbroken device can only shop at the Apple AppStore - few of Apple's operating system versions stay safe for very long.

Early in July, the JailbreakMe site published an automated, on-line method for opening recent iDevices running iOS 4.3.3.

(The jailbreakers also provided a patch by which you could close the remotely exploitable hole, for your own safety, after jailbreaking.)

Apple, to its credit, caught up within two weeks with an iOS update to version 4.3.4, closing the hole used by JailbreakMe.

But the jailbreakers claim to be back in already. By all reports, the latest jailbreak doesn't work for iPad2 users, and it can't be done simply by visiting a website.

You need to plug your device in to a computer, in what's called a "tethered" jailbreak, and you need to re-jailbreak it every time you reboot.

Nevertheless, Apple's latest security fix has been circumvented already.

With this in mind, the tricky question becomes, "Whom should I trust more: Apple or the jailbreakers?"

I can't answer that question - and if your iDevice is provided by your company, you shouldn't try to answer it by yourself.

Perhaps the best way to approach the issue is to rephrase it more equivocally, in the manner of Google, which sets out not to be evil, rather than actually to be good.

So, if you're thinking of jailbreaking, ask yourself, "Do I distrust the jailbreakers." If not, then jailbreaking may be for you. Just be sure to read all the security guidelines associated with the process, and be sure you have the explicit permission of the owner of the device.

PS. I have an iPad. It is jailbroken.

Follow @duckblog

Apple releases iOS 4.3.4/4.2.9 to fix JailBreakMe.com flaw

Hands holding jail barsAfter a little more than a week after disclosure, Apple has patched three flaws in iOS for iPod Touch, iPad, iPad2, iPhone 3GS, iPhone 4 and the Verizon iPhone.

You may recall the return of the website JailBreakMe.com 10 days ago which exploited these vulnerabilities to provide an easy method of jailbreaking your iDevice.

The updated version for all but the Verizon iPhone is version 4.3.4, while Verizon customers can update to 4.2.9. To update just open iTunes, check for updates and plug in your phone/MP3 player/tablet.

This raises one of my big pet peeves with Apple products.. Why do I have to tether to update? Oh! I see you will have that feature in iOS 5? I guess I will stay vulnerable until I happen to be in the same city as my copy of iTunes...

JailBreakMe do not update warningTwo of the fixes are for font handling issues in PDFs that allow for remote code execution (RCE). The third fix is in the graphics handling code and can be exploited to allow for elevation of privilege (EoP).

It appears the JailBreakMe.com hack used at least two of the three flaws to jailbreak the iDevices. It initially downloaded a PDF to gain the ability to run arbitrary code and then sent down a PNG file that elevated itself to root to perform the jailbreak.

If your phone is not jailbroken, I recommend updating as soon as possible. If you have jailbroken your device you will need to decide if you wish to trust the unofficial "patch" on Cydia and stay jailbroken, or if you should join the herd and go with Apple.