Panic as @comex Releases JailbreakMe Source

[rhekt]

@Comex just widely exposed the exploit. This caused it to get patched. And now it's fixed. In a round about way he fixed the vulnerability.

[Cer0]

^

You obviously forget that XP is almost ten years old and Service pack 3 was release about two years ago. The original iPhone and the 3G aren't nearly as old and this is a known exploit that can completely take over your phone and they are completely ignoring their users and the people that are being raked over the coals for making this public are the ones being blamed. There is ZERO reasons Apple couldn't patch this in an update, they actively choose not to in favor of you buying another product that was just as vulnerable.

Desktop OS and mobile OS play different. Desktop OSs are used by businesses as a main source for everything. Companies don't want to change OSs and reprogram and ensure that things work right every couple years.

Mobile OSs are not as important to a business because it does not run the whole company; it is not relied on to make sure they are able to run for the day.

@Comex just widely exposed the exploit. This caused it to get patched. And now it's fixed. In a round about way he fixed the vulnerability.

Correct and this is what many whitehat hackers do all the time. They find an exploit and let the company know then if they don't do it in a certain amount of time they expose the exploit in order to get the company to fix it.

[LastSonOfKrypton]

A free ride when you're already late.

Don't ever quote Alanis Morisette on these forums again

[mortopher]

How is a 3 year old phone any different than xp os 2 years ago? It was totally up to date then, not ten years old!

Well, on that 2 year old os I can enable, disable, modify, etc. just about every facet of the OS including installing and using an entirely different browser than what comes built-in (not so much on iOS, where you are stuck using the knowingly vulnerable Safari). Even after the official os support ends there are many third party sources that still produce fixes and such to the os.

Now, on that 3 year old phone, the exploits are essentially stuck there completely vulnerable. One may point out that this can be fixed by installing Saurik's patch, but in order to do so you have to jailbreak the phone, thereby doing something that Apple has a track record of showing they are vehemently against.

Manufacturer's support is less and less important the more open a system is, but on an entirely locked down and "jailed" system such as iOS, it's an entirely different scenario.

[DinoBravo]

So I have a question, if you used spirit to JB your phone flashed your system then used sn0wbreeze to install a custom ipsw for 4.0, do you still need the patch? Logic says that now that the exploit has been used all phones are vulnerable correct even if you didnt use jailbreakme to Jb your phone? On 3gs btw.

Thanks in advance

[mortopher]

Yes, you need the patch.

[Tyronal]

Well, on that 2 year old os I can enable, disable, modify, etc. just about every facet of the OS including installing and using an entirely different browser than what comes built-in (not so much on iOS, where you are stuck using the knowingly vulnerable Safari). Even after the official os support ends there are many third party sources that still produce fixes and such to the os.

Now, on that 3 year old phone, the exploits are essentially stuck there completely vulnerable. One may point out that this can be fixed by installing Saurik's patch, but in order to do so you have to jailbreak the phone, thereby doing something that Apple has a track record of showing they are vehemently against.

Manufacturer's support is less and less important the more open a system is, but on an entirely locked down and "jailed" system such as iOS, it's an entirely different scenario.

And what about the security vulnerabilities on IE on the last release of XP? They're still there, open and unpatched especially if you're running flash, which as any person knows has bigger holes that the exxon valdez. IE had a poor record for vulnerabilities, more than the mobile version of safari so far. They're both browsers on unsupported systems (ios 1st gen phone) with vulnerabilities, I can't see how that's an entirely different scenario, unless you have a bias one way or the other. (Was my spelling ok this time)?