• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • iOS 4.3.4 Released - Stay Away If Jailbroken


    Today, Apple has released the newest updated version of iOS - 4.3.4. This release is a rebuttal to the PDF exploit found and implemented in comex (@comex)'s JailbreakMe 3.0. The PDF hole was a security issue regardless of the involvement of JailbreakMe - however, news of this hole reached Apple because of what comex did with JailbreakMe 3.0 (also potentially by the leaked version before release of JailbreakMe 3.0). iOS 4.3.4 is for all iDevices - iPhone, iPod, and iPad (1 - 2).

    A word of warning from MuscleNerd (@MuscleNerd):



    If you value your jailbreak, do NOT update: make sure to preserve your SHSH blobs also.

    A support document from Apple gives an overview of the security content in iOS 4.3.4:

    Security Content of iOS 4.3.4

    A shout-out to @iNeal11 for catching my attention on Twitter - give him a follow!

    UPDATED: This update includes Verizon devices also (4.2.9). Same disclaimer as above.

    Source(s): Apple
    This article was originally published in forum thread: iOS 4.3.4 Released - Stay Away If Jailbroken started by Joshua Tucker View original post
    Comments 83 Comments
    1. Truckerbear's Avatar
      Truckerbear -
      I have been saying for a while stay away from iPad 2. Its a under glorified iPad. Just like the iPhone 3G. The next iPad will be awesome like the 3GS was. Better cameras, better resolution... Worth the wait. I'm sticking with my iPad 1's till the next iPad. My iPhone 4 will do all I need for now as far as iMovie and Facetime.
    1. raduga's Avatar
      raduga -
      Quote Originally Posted by Simon View Post
      I hope this didn't patch the i0nic untether for the other devices as well. If it did I would have to question whether releasing jailbreakme before 5.0 was really necessary or not.
      the i0nic bug has been out for awhile.
      Apple knows about it, but for some unknown reason hadn't bothered to fix it with 4.3.2 or 4.3.3. Chances are, it got patched with 4.3.4 [can't confirm that yet] but chances were good that it would have been patched back in 4.3.3, too.

      It won't help iPad 2 users anyway. They needed something new,
      like a userland exploit: (JBM 3)

      Comex et al released JBM 3.0 in response to someone else leaking the exploit details and proof-of-concept code, which devteam had really wanted to hold onto until 5.0. Not a great response, but sounds like they made the best of it they could. (what in my opinion, could have been a better response, involves hired mercenaries and be very illegal :0 )

      If if Comex hadn't officially released JBM 3, would Apple have pushed out 4.3.4 anyway, since the exploit was now public and "in the wild"? And people were blogging about it all over the net?

      Probably. Maybe not as quick as they did. Less visibility = less urgency.

      But chances are, Apple WOULD release a new update before 5.0 anyway, and the window of opportunity for using that bug to jailbreak might well be closed before anyone could use it. And iPad 2 users might have to wait even longer for a jailbreak. (months? months after 5.0?)
    1. Simon's Avatar
      Simon -
      The i0n1c untether has indeed been patched as he has confirmed on his twitter.

      Had comex's jailbreak and leak before hand not happened I dont think Apple would have released 4.3.4 at all. Except for iPad 2 we would have most likely had a even longer extended untether period for all of the other idevices since we saw that Apple did not have any sense of urgency in patching i0n1c's untether. Sure, they had patched it already in the 5.0 betas but the pdf exploit coming out is what forced their hand to release 4.3.4.

      That is the reason why I question whether it was worth it or not. Ipad 2 wifi's with 4.3.3 SHSH are fine. 3G models are screwed as soon as a restore is needed. And as a side effect new iPhones sold with 4.3.4 on them will be tethered jailbreaks.
    1. raduga's Avatar
      raduga -
      Quote Originally Posted by Simon View Post
      The i0n1c untether has indeed been patched as he has confirmed on his twitter.

      Had comex's jailbreak and leak before hand not happened I dont think Apple would have released 4.3.4 at all. Except for iPad 2 we would have most likely had a even longer extended untether period for all of the other idevices since we saw that Apple did not have any sense of urgency in patching i0n1c's untether. Sure, they had patched it already in the 5.0 betas but the pdf exploit coming out is what forced their hand to release 4.3.4.

      That is the reason why I question whether it was worth it or not. Ipad 2 wifi's with 4.3.3 SHSH are fine. 3G models are screwed as soon as a restore is needed. And as a side effect new iPhones sold with 4.3.4 on them will be tethered jailbreaks.
      The issue of Comex' fileserver being h4x0red and its contents thrown up on the web,
      and Comex subsequently deciding to release JBM 3.0 before the inevitable 4.3.4 (since the exploit was already BURNED, and not by his choice)

      are IMO, two different problems.

      tweets for context:
      Comex hesitated for the issue of whether release saffron jailbreak | iPad 2 iPhone 5 jailbreak for apps
    1. Simon's Avatar
      Simon -
      Quote Originally Posted by raduga View Post
      The issue of Comex' fileserver being h4x0red and its contents thrown up on the web,
      and Comex subsequently deciding to release JBM 3.0 before the inevitable 4.3.4 (since the exploit was already BURNED, and not by his choice)

      are IMO, two different problems.

      tweets for context:
      Comex hesitated for the issue of whether release saffron jailbreak | iPad 2 iPhone 5 jailbreak for apps
      I agree with you. Don't blame comex at all. Once leaked he was pretty much forced into the whole thing. I was just trying to say without the leak there may not have ever been a 4.3.4. Apple would have most likely waited for 5.0 to patch the i0n1c untether.
    1. brab's Avatar
      brab -
      My iPad2 just shipped on Friday, now I am sh*****g whether it shipped with 4.3.4 or not.
      If it did I might have to return it and go to BestBuy hoping theirs are still 4.3.3.

      How long does Apple usually keep signing older firmware?
      Reason why I asked is that I won't be able to get my hands on it until next Saturday to save SHSH blobs even if it's on 4.3.3 and I know iFaith doesn't work on iPad2.

      NOTE:
      I just thought about it and it doesn't really matter if Apple stops signing the firmware (I can always save SHSH with TinyUmbrella, even if Apple is not signing the firmware) my only issue is that I need the iPad to have 4.3.3 shipped, correct?
    1. Simon's Avatar
      Simon -
      Apple will almost definitely have stopped signing 4.3.3 by next Saturday. That means you will not be able to save SHSH for 4.3.3. Tiny umbrella can only save SHSH for firmware that apple is still signing. It doesn't matter if it stills has 4.3.3 on it or not.
    1. i.Annie's Avatar
      i.Annie -
      brab, that method to save SHSHs for whatever the device is on is not done through TinyUmbrella. It is done through iFaith. However, it does not apply to the iPad 2
    1. brab's Avatar
      brab -
      So basically the way I see things is that I can only hope that it ships with 4.3.3 and make sure I don't mess it up (so I have to restore) until next jailbreakable firmware, correct?
    1. Simon's Avatar
      Simon -
      Correct
    1. brab's Avatar
      brab -
      That's one of the reasons I switched to Android for my phone last year, coz with it once you "jailbreak" the phone is good for its lifetime.
      With Apple stuff it's always cat and mouse game.

      I used TinyUmbrella with my iPhone before, but I never had any idea that it works only when Apple is signing the firmware.

      Thanks for the help guys!!!
      I will keep my fingers crossed that it shipped with 4.3.3...I badly wanna use XMBC on it, and unfortunately JB is needed for it.

      Btw, from your experience from the past (if you have any clue) if the device ships the same day as they release new iOS, does it come with the new iOS or not?
      I am just trying to figure out what are my odds of having 4.3.3 on it.
      On the status it had "Prepared for shipment on 7/14", so I assume it was packed a day earlier.

      Note:
      I don't mean to start any flaming wars just stating my objective opinion.
    1. i.Annie's Avatar
      i.Annie -
      You're entitled to your opinion however I disagree. Apple is always updating firmware versions to better iOS. Sometimes the fw updates are really silly or useless but a lot of times they provide great improvements. The iPhone's jb community is also amazing, so if you take the proper precautions, you can maintain that jailbreak and continue to use the great tweaks and apps that the jb dev community provides.

      That and the App Store is pretty awesome

      There must be a reason why you want an iDevice, otherwise Android tablets/phones would surely satisfy you now and you wouldn't be buying an iPad. Lol I'm just sayin' it ain't all bad.
    1. brab's Avatar
      brab -
      Annie,

      You misunderstood what I was saying....just as info I was an iPhone user since 2G and I have one brand new iPhone4 that I don't use.

      On Android once you remove the initial protections you never have to worry about the phone being "locked" again (as long as you use custom ROMs, which are most of the time released even before official software update comes out) and there has been 3 new software revisions since I got the phone (November), which brought new features.

      I've been using Galaxy Tab since February and was happy with it (bought my wife an iPad a couple of months ago), and I sold it to a buddy last week as a great deal to try out iPad2, as I get bored with things rather quickly.
      Here in Croatia I can sell a used iPad for more money than I paid for it new in the states, so even if I don't end up liking it, it will be easy to get rid of it.

      I have utmost respect for Apple products and I think they are very high quality (otherwise I wouldn't shell out $800+ for it ), however just like Saurik I cannot stand their politics of not being able to do with my device whatever I want.
      If it was an open system I probably would have never switched.

      So to back up your statement, it there wasn't this awesome JB community, I wouldn't own an Apple product anymore. :P

      I had to iPad shipped to my buddy, so as soon as he receives (hopefully Wednesday/Thursday) if Apple is still signing 4.3.3 I will have him use TinyU on his computer to save SHSH and then I'll copy the data on a USB key and take it with me...if it comes with 4.3.3 that is.
    1. Simon's Avatar
      Simon -
      Quote Originally Posted by brab View Post
      On Android once you remove the initial protections you never have to worry about the phone being "locked" again (as long as you use custom ROMs
      This is the part of your post where you unknowingly proved against your point
      What happens if you were to restore/update your rooted android device to a regular firmware? All those nice CPU tweaks etc stop working dont they

      Same can be said for a idevice. Once it is jailbroken to the point that custom firmware can be used you can always remain jailbroken when updating. Although I do agree that Android handset makers are generally more open to rooting than Apple is to jailbreaking.
    1. i.Annie's Avatar
      i.Annie -
      Oh no I understood you lol. I don't have an argument against Android, I just disagree with you that in any aspect is Android more beneficial than an iDevice.

      Whatever iDevices lack, they compensate with something else and whatever stipulation/obstacle Apple throws against jailbreaking, that's something I'm willing to deal with.
    1. Stray's Avatar
      Stray -
      Quote Originally Posted by Simon View Post
      This is the part of your post where you unknowingly proved against your point
      What happens if you were to restore/update your rooted android device to a regular firmware? All those nice CPU tweaks etc stop working dont they

      Same can be said for a idevice. Once it is jailbroken to the point that custom firmware can be used you can always remain jailbroken when updating. Although I do agree that Android handset makers are generally more open to rooting than Apple is to jailbreaking.
      +1 with the openness of android although I do have to say with all of the rooting of android phones/tablets they are way more vulnerable to attacks, as with Apple if they find out about a security hole they'll release a new firmware update 4.3.4 as an example, but with android they'll take their time with it.

      @anyone who tries coming back at me my current phone is the Galaxy S 4G so I am not a fanboy.
    1. i.Annie's Avatar
      i.Annie -
      @Stray, that was one point I was trying to depict but didn't know how to word it. Thanks for speaking my mind
    1. Stray's Avatar
      Stray -
      No problem lol
    1. brab's Avatar
      brab -
      @Simon, yes of course they stop working as you are on a stock ROM!
      But as soon as you do Radio S-Off (Security Off) your phone is "yours" forever...there's no update by OEM that will lock the phone for eternity...only you yourself can lock it back...
      And there's no signing of ROMs so you can go up and down (and all around HAHA) whenever you want...

      When it comes to your statement about openness I couldn't agree more...CEO of HTC came out and issued a public statement that they will be unlocking all bootloaders on all phones (procedure starts in August with the newest 4 phones)...

      I (and I am sure 100% of people on this board) would literally start crying from happiness if Jobsy came out and said something like that!
      However we all know that's not gonna happen...

      @Str4y...funny enough I had 0 issues with the Desire HD when it comes to attacks, yet on the iPhone I got hit with Ikee on 3 different firmwares...and the way I figured it out is that SSH server kept dying on me all the time...
      I know it's just luck of the draw anyway...on my desktop PC I didn't have a virus in years, but I don't run any weird .exes either...
      In general I really do not know anyone with either systems that had any security issues...

      I am like you...own and support both platforms...both myself and the wife switched to Android with our phones, and both have iPads!
    1. i.Annie's Avatar
      i.Annie -
      My oh my, let's just get back on topic now. Both devices have their advantages and differences, but we shouldn't divert from the thread topic. 4.3.4 is the issue at hand.