• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Big Surprise, Apple Plans to Fix JailbreakMe PDF Exploit in Next iOS Update



    Turns out JailbreakMe's run will be short lived. Like abandoned-toy-yorkie short lived.

    JailbreakMe relies on a PDF exploit and according to the Associated Press an Apple spokesperson informed them that Apple is "aware of this reported issue and developing a fix that will be available to customers in an upcoming software update."

    Granted the JailbreakMe process uses an exploit that Apple was likely to change anyway, but can't Cupertino just let us be? Seriously, how long did we patiently (or impatiently) wait for an iPad 2 jailbreak. How much easier could jailbreaking a device be than visiting a website and pushing a button. I sure am glad Apple is "developing a fix that will be available to customers," though.

    Soon it'll be back to the drawing board when iOS 5 comes out. iPhone users will likely not have to wait very long after iOS 5's release for a jailbreak, but iPad 2 users could be left out in the cold, cold world or jailbreaklessness for a long time again.

    Enjoy it while you can people. Unless of course you choose to never update your firmware again or upgrade to iOS 5. In which case, more power to you.

    Source: Associate Press
    This article was originally published in forum thread: Big Surprise, Apple Plans to Fix JailbreakMe PDF Exploit in Next iOS Update started by Phillip Swanson View original post
    Comments 44 Comments
    1. Cer0's Avatar
      Cer0 -
      Quote Originally Posted by AUZambo View Post
      Yeah...I figured they weren't exactly the same, but they are both PDF exploits that are executed within mobile safari. To me, that's close enough to being the same that it surprised me that Apple let this one slip by them.
      PDF has many, many issues and always has. I am sure there are several more with it that nobody has mentioned or found yet. Actually all sorts of software is this way too. Only way Apple to stop it in your logic would be to not allow safari to make PDF files viewable within Safari.
    1. ventodivino's Avatar
      ventodivino -
      So they will release an update that does nothing but kill the vulnerability and maybe add an upcoming feature to persuade people to go for it.... Bfd doesn't mean you have to update.
    1. NOYB111's Avatar
      NOYB111 -
      Question - if Apple patches it with a software fix, why cant the hole be reopened by undoing their patch provided you have your Shsh? I have no idea what is involved. Just curious. Perhaps a jailbreak that uses a new iOS 5.0 Firmware but reopens the hole while updating?
    1. Xenthis's Avatar
      Xenthis -
      #1 Typical Apple
      #2 I am still running 4.1 on my IPT 4G and I don't plan to upgrade anytime soon.
    1. ikesmasher's Avatar
      ikesmasher -
      lol apple talks about it like its a virus
    1. Subtenko's Avatar
      Subtenko -
      Everyone spread the word to your fellow iPhone users! Tell them dont upgrade and jailbreak! Just spread the news is all you can do.
    1. CONVBMW's Avatar
      CONVBMW -
      Shocker.
    1. koreanmasters99's Avatar
      koreanmasters99 -
      already done it!
      Works great!
      But I won't be needing a new IOS until
      the next jailbreak it available.
      darn
      so much thing i can put on it.
      thnx for all guys!

      now only if they can turn the ipad 2 with dialing capabilities like the iphone.
      i mean real calling
    1. GrandMstrBud's Avatar
      GrandMstrBud -
      Quote Originally Posted by nixus View Post
      Not completely true in case of ipad 2 With 3G, when SHSH blobs are generated randomly each time the firmware upgrade is done
      So with the iPad 2 once apple stops signing 4.3.3 we can't restore even though the SHSH blobs are saved?
    1. mmaboi21's Avatar
      mmaboi21 -
      Quote Originally Posted by Cer0 View Post
      It's not the same. And Apple doesn't want a security flaw left in the system.
      Semi

      It was patched, just not properly.
    1. AUZambo's Avatar
      AUZambo -
      Quote Originally Posted by SsputniikK View Post
      bad move form hackers. Didnīt they expect this coming?
      I'm gonna disagree and say it was a great move. iPad 2 users have been waiting forever for their jailbreak. Comex (the hacker) knew this and therefore released the jailbreak as quickly as he could before it was patched up.

      Keep in mind that Apple is also looking for vulnerabilities and there is a chance that they would have patched it anyway with a 4.3.4 release. This jailbreak will ALWAYS work with 4.3.3...so I don't see any problems with releasing it.
    1. Jay316's Avatar
      Jay316 -
      It's funny how Apple are trying to look like they still give a **** about jailbreakers

      Exploit found > Patch it with an update
      Exploit found > Patch it with an update
      Exploit found > Patch it with an update
      Exploit found > Patch it with an update
      Exploit found > Patch it with an update

      Really Apple, just stop half arsing it
    1. derailedz0r's Avatar
      derailedz0r -
      Add the new iPhone (5/4s) buyers to the cold cold outside.
    1. BenderRodriguez's Avatar
      BenderRodriguez -
      I now that there was no 4.3.3 jailbreak for iPad 2 but since it's a hole in EVERY iDevice why in the world could it not wait till iOS5?
    1. mmaboi21's Avatar
      mmaboi21 -
      Quote Originally Posted by BenderRodriguez View Post
      I now that there was no 4.3.3 jailbreak for iPad 2 but since it's a hole in EVERY iDevice why in the world could it not wait till iOS5?
      That's their reason for justification.
    1. ripped53's Avatar
      ripped53 -
      Apple why don't you guys just leave us to hell alone. Its because of comex and other dev team members that I* contunue to buy* your wonderful products with your lame azz restrictions.* I repeat please apple leave us the f*** alone .* It is because of the recent jailbreak that I am taking back of samsung galaxy tab 10.1 and not an ipad 2.* Apple you really do need to get your sh** together and leave us jailbreakers alone or start giving us, the consumer some flexibility and options.* I get so frikin tired or starring at a plan screen with square azz icons on it. It is because of the jailbreak community that you continue to have customers like me.* That is all for now.* Sorry just had to vent.
    1. freddiepr's Avatar
      freddiepr -
      It is already done... I just updated my iPhone 4 to iOS4.3.3 and Jailbreakme starts installing Cydia and then aborts the installation. Tried several times on 3G and Wifi.
    1. AUZambo's Avatar
      AUZambo -
      Quote Originally Posted by Cer0 View Post
      PDF has many, many issues and always has. I am sure there are several more with it that nobody has mentioned or found yet. Actually all sorts of software is this way too. Only way Apple to stop it in your logic would be to not allow safari to make PDF files viewable within Safari.
      Thank you. I didn't know that....obviously.
    1. raduga's Avatar
      raduga -
      Quote Originally Posted by AUZambo View Post
      I'm gonna disagree and say it was a great move. iPad 2 users have been waiting forever for their jailbreak. Comex (the hacker) knew this and therefore released the jailbreak as quickly as he could before it was patched up.

      Keep in mind that Apple is also looking for vulnerabilities and there is a chance that they would have patched it anyway with a 4.3.4 release. This jailbreak will ALWAYS work with 4.3.3...so I don't see any problems with releasing it.
      I'm gonna disagree with you and agree with SSputniikk on details.

      Comex (a hacker) identified the security flaw some time ago, and was trying to keep it under wraps for as long as possible- so that when released it would benefit the greatest number of users and machines and software combinations.

      A jerk (whom I won't name, but who is allegedly also A Hacker) either independently discovered the same exploit, or more likely, heard about it from Comex and other JB developers. He thought it was awesome cool, so released it almost immediately, despite the usual warnings from other, wiser devs. He chatted with Comex too, but decided that he was still way awesomer and cooler than Comex, so he released full details of the exploit anyway.

      Comex then, hacked up a JB kit (in discussion with other developers) and released jailbreakme.com v3 ASAP, so iPad/iPhone/iPod users (but mostly iPad, and mostly iPad v2) could get some use out of the flaw before Apple patched it.

      Quote Originally Posted by SsputniikK View Post
      bad move form hackers. Didnīt they expect this coming?
      Comex made the best move he could, under the circumstances. But the ones who forced his hand were pretty boneheaded. And no, they don't typically expect it coming, or much care if it does.
    1. wesboy's Avatar
      wesboy -
      Quote Originally Posted by freddiepr View Post
      It is already done... I just updated my iPhone 4 to iOS4.3.3 and Jailbreakme starts installing Cydia and then aborts the installation. Tried several times on 3G and Wifi.
      Then use sn0wbreeze on iPhone 4 on 4.3.3.......