Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/9/2010
12:02 AM
George V. Hulme
George V. Hulme
Commentary
50%
50%

iPhone iOS Devices Jailbroken

Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.

Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.Hacker Pod2g from the group Chronix Dev Team claims to have found a boot ROM vulnerability that can be used to create jailbreak exploits for most iPhones and iPod Touches. Such an exploit can't be fixed with a firmware update - rather they require a replacement of the hardware device. That's because once the boot ROM is programmed and set and the phone assembled in the factory, this segment of hardware can't be updated.

That means if you bought your device before today, or before Apple patches the hole in manufacturing, you may be able to jailbreak your device without Apple being able to do much - if anything - about it.

Any day now expect the iPhone Dev Team and others to publish software that will make it simple for anyone to jailbreak their iPhone or Touch.

It seems serendipitous that the jailbreakable vulnerability was announced on the same day Apple made its iOS 4.1 upgrade available. As Paul McDougall points out, the upgrade offers a number of enhancements including a social gaming platform, TV show rentals, iTunes Ping, advanced photographic capabilities, and fixes a number of bugs and other performance issues.

However, users may want to think twice before jailbreaking their devices. In February, Apple filed for a patent that covers the ability to spot and disable various unauthorized uses of an iPhone, Touch, or iPad - jailbreaking included.

So by jailbreaking the device, you may not only be voiding the warranty - but you may one day end up with a bricked phone or MP3 player.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6342
PUBLISHED: 2020-05-28
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
CVE-2020-11082
PUBLISHED: 2020-05-28
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
CVE-2020-5357
PUBLISHED: 2020-05-28
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time wi...
CVE-2020-13660
PUBLISHED: 2020-05-28
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
CVE-2020-11079
PUBLISHED: 2020-05-28
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.