Apple 4.3.4 users must jailbreak on reboot

An Apple patch for a jailbreak vulnerability has already been broken but jailbreaking users will need to run the exploit on each reboot.

At the end of last week, Apple released an iOS update to version 4.3.4 to close a hole used by the website ‘JailbreakMe' that appeared earlier this month. Two of the fixes in the update were for font handling issues in PDFs that allow for remote code execution, while the third fix was in the graphics handling code and can be exploited to allow for elevation of privilege.

The ‘JailbreakMe' hack used at least two of the three flaws to jailbreak the iDevices by initially downloading a PDF to gain the ability to run arbitrary code and then sending down a PNG file that elevated itself to root to perform the jailbreak.

According to redmondpie.com, the new jailbreak method does not work for iPad2 users and cannot be done by visiting a website. Wannabe jailbreakers will need to do a tethered jailbreak every time they reboot the device.

“Apple's latest security fix has been circumvented already," Sophos Asia Pacific head of technology Paul Ducklin said. "With this in mind, the tricky question becomes ‘whom should I trust more, Apple or the jailbreakers?' I can't answer that question and if your iDevice is provided by your company, you shouldn't try to answer it by yourself."

“So if you're thinking of jailbreaking, ask yourself, ‘do I distrust the jailbreakers?' If not, then jailbreaking may be for you. Just be sure to read all the security guidelines associated with the process and be sure you have the explicit permission of the owner of the device.”

This article originally appeared at scmagazineuk.com