Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
An Apple patch for a jailbreak vulnerability has already been broken but jailbreaking users will need to run the exploit on each reboot.
At the end of last week, Apple released an iOS update to version 4.3.4 to close a hole used by the website ‘JailbreakMe' that appeared earlier this month. Two of the fixes in the update were for font handling issues in PDFs that allow for remote code execution, while the third fix was in the graphics handling code and can be exploited to allow for elevation of privilege.
The ‘JailbreakMe' hack used at least two of the three flaws to jailbreak the iDevices by initially downloading a PDF to gain the ability to run arbitrary code and then sending down a PNG file that elevated itself to root to perform the jailbreak.
According to redmondpie.com, the new jailbreak method does not work for iPad2 users and cannot be done by visiting a website. Wannabe jailbreakers will need to do a tethered jailbreak every time they reboot the device.
“Apple's latest security fix has been circumvented already," Sophos Asia Pacific head of technology Paul Ducklin said. "With this in mind, the tricky question becomes ‘whom should I trust more, Apple or the jailbreakers?' I can't answer that question and if your iDevice is provided by your company, you shouldn't try to answer it by yourself."
“So if you're thinking of jailbreaking, ask yourself, ‘do I distrust the jailbreakers?' If not, then jailbreaking may be for you. Just be sure to read all the security guidelines associated with the process and be sure you have the explicit permission of the owner of the device.”
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.