New Jailbreak Code Could Be Used to Hack iPhone; Fix on Way from Apple


The code used in the ultrasn0w jailbreak released Tuesday for iPhone 4 could also be used to take over your iPhone, according to a warning issued by Symantec. That was followed by a warning from the German government advising iPhone and iPad owners, especially leaders in government and business, not to open certain files. Apple announced that a fix has been developed and is on the way.

While ultrasn0w was developed for iPhone 4, the exploit itself affects iPhones running iOS versions 3.1.2 to 4.0.1, iPads running iOS 3.2 and 3.2.1, and iPod touches running iOS 3.1.2 to 4.0. Without offering any specific information, the German government also said it could affect older versions of iOS.

According to Symantec, the exploit involves two phases: “The first issue is reportedly a PDF font parsing vulnerability affecting Mobile Safari. Upon successful exploitation, a second-stage local exploit is used to elevate to root privileges on the device. There has been no public confirmation as to whether or not these vulnerabilities affect desktop installations of Safari or OS X.”

Germany has taken the possibility of the exploit being used in the wild quite seriously, with the country’s Federal Office for Information Security (known in Germany as the BSI) issuing a statement warning iPhone users to avoid opening PDF files on an iOS device.

“Due to the popularity of the iOS devices,” the BSI said, “[it is] assumed that they are also increasingly used in the workplace. To the knowledge of the BSI, the iPhone (is also) used in senior management. It is therefore conceivable that the outlined weaknesses could be used in targeted attacks on leaders.”

An Apple spokesperson in Germany told the Associated Press, “We know these reports and are investigating them.”

Later in the day, a U.S. spokesperson for Apple told CNet: “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”


11 Comments

MacKeeper_fan_Mod

Carrier unlocks sound appealing, but they are circumventing a contract that you entered into willingly with your provider and Apple when you bought the phone. Some countries, like Canada, offer a choice of carriers (although each carrier pushes its own contracts, which are good for some and bad for others). Other countries, like the US, don’t offer any such choice. But the people now unlocking their carrier settings are generally doing so in violation of a contract that, almost universally, allowed them to get a phone for far less money down (and possibly less money over the life of the contract) than they otherwise would have had to pay to Apple, the manufacturer, in order to get the phone.

rabber

There are a few ways to use carrier unlocking. As you describe, you do violate the contract with the carrier. However, there are three instances where I think carrier unlocking should be perfectly legitimate. The first is when I travel internationally (which I haven’t done in a while). I should be able to swap SIM cards while I am in another country. T-Mobile allowed me to do this after being on their plan for 3 months. I haven’t asked AT&T, but I suspect that I could get them to if I didn’t have an iPhone. The second instance is after my two year contract expires, I should be able to get a carrier unlock. Finally, if I don’t purchase the iPhone through AT&T, then I should be able to unlock it. In fact, I shouldn’t have to sign up for a two year contract in the first place.

WOW

Really? Ultrasn0w for one is not the jailbreak… it is the unlock, and has nothing to do with the exploit.
The jailbreakme jailbreak takes advantage of an exploit that is in the iOS firmware, and was already there before the jailbreak was released. Apple has left this vulnerability unpatched for the lifespan of all the phones, and by jailbreaking your phone you are able to plug the hole and make your phone safer.

Get the facts straight before spamming up the web.

jf

rabber - you hit the nail on the head. I travel internationally very frequently and I have SIM cards/cell accounts from a couple of my more frequented destinations. Unlike many, I have no problem with my AT&T coverage in the US (geographic serendipity), however when overseas my previous solution was to use an old phone and leave my iPhone off.
Now I can (and do as of yesterday) use my iPhone as my primary phone even overseas (where I am right now). AT&T loses nothing, I gain better traveling communication. I have no intention of breaking my AT&T contract (with regard to service…) and I’ve jailbroken for that sole reason.

Interestingly a colleague who is on an Australian equivalent locked plan (discounted iPhone, multi year contract), approached his provider and told them of his frequent overseas travel; they told him to wait half an hour and then restore his phone via iTunes, and they unlocked his phone to make his life easier - Absolutely Brilliant!

who?

Really? Ultrasn0w for one is not the jailbreak… it is the unlock, and has nothing to do with the exploit.
The jailbreakme jailbreak takes advantage of an exploit that is in the iOS firmware, and was already there before the jailbreak was released. Apple has left this vulnerability unpatched for the lifespan of all the phones, and by jailbreaking your phone you are able to plug the hole and make your phone safer.

Get the facts straight before spamming up the web.

Well Said.

TitanTiger

I’m sorry, but if the iPhone in question is no longer under contract, it should not be up to AT&T or Apple as to whether I unlock it and use it on another carrier or not.  It’s not their phone, it’s mine.  The government should step in and require AT&T and all carriers to release unlock codes for phones that are not under a carrier contract.  Unlocking (not to be confused with jailbreaking) should be as easy as a phone call to AT&T or Apple.

Tiger

The fine lines people are walking with distinctions are really REALLY fine lines.

Your phone, their OS. I have to admit, I didn’t read the print in the iPhone EULA until just now. Paragraph 1 pretty much sums it up.

(GENERAL THE SOFTWARE (INCLUDING BOOT ROM CODE AND OTHER EMBEDDED SOFTWARE), DOCUMENTATION AND ANY FONTS THAT CAME WITH YOUR IPHONE, WHETHER IN READ ONLY MEMORY, ON ANY OTHER MEDIA OR IN ANY OTHER FORM (COLLECTIVELY THE “IPHONE SOFTWARE”) ARE LICENSED, NOT SOLD, TO YOU BY APPLE INC. (“APPLE”) FOR USE ONLY UNDER THE TERMS OF THIS LICENSE, AND APPLE RESERVES ALL RIGHTS NOT EXPRESSLY GRANTED TO YOU. THE RIGHTS GRANTED HEREIN ARE LIMITED TO APPLE’S INTELLECTUAL PROPERTY RIGHTS IN THE IPHONE SOFTWARE AND DO NOT INCLUDE ANY OTHER PATENTS OR INTELLECTUAL PROPERTY RIGHTS. YOU OWN THE MEDIA ON WHICH THE IPHONE SOFTWARE IS RECORDED BUT APPLE AND/OR APPLE’S LICENSOR(S) RETAIN OWNERSHIP OF THE IPHONE SOFTWARE ITSELF.)

It’s pretty standard as OSes go in fact.

The government has had how many years now to step in and has chosen not to interfere. Why? A few possible reasons:

1. It’s not in their best interest to start interfering with proprietary software and EULAs. They’re not prepared to deal with that in court yet. (and I say yet because I do think it will happen, which offers hope)

2. They investigated and found the EULAs perfectly legal (less likely, but still a possibility)

3. Corporate lobbyists have been able to craft legislation and enforcement to their benefit (hmm, plausible!)

4. Typical government bureaucracy means it may take a decade. (do we have a winner?)

Anyway, the current legal standing still seems to support EULAs.

But I also think that the days of the exclusive contract with AT&T are coming to an end. Word is T-Mobile will now be the second iPhone carrier in the US. The hybrid chips aren’t ready/producible. Verizon’s out for now. That leaves another GSM network as the beneficiary. Sprint’s bandwidth is apparently worse off than AT&T’s. At least that’s the street talk.

And did you know AT&T does have an international calling plan? You have to dig. All 3 of my bosses at the office have that ability when they go overseas. I think it’s an extra $5. Not a deal breaker for sure.

TitanTiger

Well, for me, I purchased this phone from my brother in law. He was several months out of contract with AT&T. He upgraded to the new iPhone 4 so I got his 3G, and jailbroke/unlocked to use on T-Mobile. I should have that right. OS, schmo-ess. Apple has no more right to prevent me from using T-Mobile on a paid for phone than they do telling me to only use my Mac with a particular internet provider.

Matt74

This is a pointless article.  Jailbreaking IS hacking your iPhone.

While you’re at it, you might want to warn people that they might get wet if they take a shower.  Or maybe you can give people a heads up that the sun rises in the east!

jf

Tiger, I am aware of AT&T’s overseas rates & packages. However, for example, the Malaysian cell company I subscribe to charges me (when I’m in Malaysia) 6 cents/minute to phone pretty much anywhere in the world and 3 cents a minute for local calls (plus no charge to receive any call any time; their roaming charges are also much less than AT&T’s when in other countries).
I’m not arguing the legality, I am stating that when I’m in Malaysia I previously had my iPhone turned off and used a 2nd phone - now I can use my iPhone. AT&T gets the same payment from me regardless, there’s just no way I’m going to use their service when I’m already subscribing to a local one when I’m in that country - just as when I’m in the US I only use AT&T. My comments were originally in response to the 1st couple in the thread - my point being that I don’t feel I’ve broken the spirit of my contract with AT&T, they certainly aren’t being deprived of any revenue from me as a result of the JB/unlock, I’m happy with them and will continue using them, just disappointed that I have to go this route instead of having them behave like the carrier I mentioned above.

JonGl

Carrier unlocks sound appealing, but they are circumventing a contract that you entered into willingly with your provider and Apple when you bought the phone.

Why do people keep saying this? Carrier unlocks are legal just about everywhere, and when you say such things, you are also forgetting about people who buy used or who have completed their contracts. Apple and ATT and other carriers _ought_ to provide unlocks for these situations, and if not, then people will do it without their “permission” which is not required in any case. Apple and all other companies are private commercial entities. They do not need individuals to “defend” their policies and practices. It sounds really petty.

-Jon
