« Tales from the queue | Main | Rumor: ultra-portable Mac coming in January »
iPhone update plugs insta-hack hole
Those in the iPhone hacking world got a thrill when a development team was able to come up with an instant jailbreak.
iPhone users could jailbreak their iPhones to accept third-party applications simply by loading up a web page. You call up the site on Safari, and presto, your iPhone is outfitted with everything you'd need to put new non-Apple software on it.
That is, unless you have the latest version of the firmware.
The jailbreak site worked by exploiting a vulnerability in the iPhone's ability to handle TIFF files. The site used the vulnerability to deliver and execute the jailbreaking software onto the iPhone without the user having to do a thing.
Because this is the same way in which some malware attacks are carried out, this was a fairly big concern. The team behind the hack realized this, and thus included a patch that was installed after the jailbreak was completed.
Now, Apple has followed suit and fixed the vulnerability in the 1.1.2 iPhone and iPod Touch firmware update, meaning that the site-based jailbreak no longer works.
Keep in mind, this doesn't prevent the actual jailbreak, it just means that you will have to get off your lazy butt and run the jailbreak software yourself.
That is, until the developers find another hole...
Post a comment