Apple 4.3.4 users must jailbreak on reboot

By

An Apple patch for a jailbreak vulnerability has already been broken.

An Apple patch for a jailbreak vulnerability has already been broken but jailbreaking users will need to run the exploit on each reboot.

Apple 4.3.4 users must jailbreak on reboot

At the end of last week, Apple released an iOS update to version 4.3.4 to close a hole used by the website ‘JailbreakMe' that appeared earlier this month. Two of the fixes in the update were for font handling issues in PDFs that allow for remote code execution, while the third fix was in the graphics handling code and can be exploited to allow for elevation of privilege.

The ‘JailbreakMe' hack used at least two of the three flaws to jailbreak the iDevices by initially downloading a PDF to gain the ability to run arbitrary code and then sending down a PNG file that elevated itself to root to perform the jailbreak.

According to redmondpie.com, the new jailbreak method does not work for iPad2 users and cannot be done by visiting a website. Wannabe jailbreakers will need to do a tethered jailbreak every time they reboot the device.

“Apple's latest security fix has been circumvented already," Sophos Asia Pacific head of technology Paul Ducklin said. "With this in mind, the tricky question becomes ‘whom should I trust more, Apple or the jailbreakers?' I can't answer that question and if your iDevice is provided by your company, you shouldn't try to answer it by yourself."

“So if you're thinking of jailbreaking, ask yourself, ‘do I distrust the jailbreakers?' If not, then jailbreaking may be for you. Just be sure to read all the security guidelines associated with the process and be sure you have the explicit permission of the owner of the device.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?