Risk
9/9/2010
12:02 AM
George V. Hulme
George V. Hulme
Commentary
50%
50%

iPhone iOS Devices Jailbroken

Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.

Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.Hacker Pod2g from the group Chronix Dev Team claims to have found a boot ROM vulnerability that can be used to create jailbreak exploits for most iPhones and iPod Touches. Such an exploit can't be fixed with a firmware update - rather they require a replacement of the hardware device. That's because once the boot ROM is programmed and set and the phone assembled in the factory, this segment of hardware can't be updated.

That means if you bought your device before today, or before Apple patches the hole in manufacturing, you may be able to jailbreak your device without Apple being able to do much - if anything - about it.

Any day now expect the iPhone Dev Team and others to publish software that will make it simple for anyone to jailbreak their iPhone or Touch.

It seems serendipitous that the jailbreakable vulnerability was announced on the same day Apple made its iOS 4.1 upgrade available. As Paul McDougall points out, the upgrade offers a number of enhancements including a social gaming platform, TV show rentals, iTunes Ping, advanced photographic capabilities, and fixes a number of bugs and other performance issues.

However, users may want to think twice before jailbreaking their devices. In February, Apple filed for a patent that covers the ability to spot and disable various unauthorized uses of an iPhone, Touch, or iPad - jailbreaking included.

So by jailbreaking the device, you may not only be voiding the warranty - but you may one day end up with a bricked phone or MP3 player.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-8387
Published: 2014-11-20
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.

CVE-2014-8493
Published: 2014-11-20
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

CVE-2014-8767
Published: 2014-11-20
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?