iOS 4.3.4/4.2.9 also kills untethered exploit dead

While the hoopla surrounding the recently released iOS 4.3.4 (and iOS 4.2.9) focused on it killing the PDF exploit that allowed JailbreakMe 3.0 to function, and that could potentially have let bad guys attack the iPhone and iPad as well, it looks like Apple also patched a bug that had been used to achieve untethered jailbreaks since iOS 4.1. According to @i0n1c:

For those that did not get it: iOS 4.3.4 not only fixes jbme3, as announced, but also silently kills the ndrv_setspec() integer overflow.

In addition to that iOS 4.3.4 also adds code to dyld to detect attacks with binaries using "incomplete code signing".

"Incomplete codesigning attacks" were used for all untether exploits from at least iOS 4.1.0.

Wonder if [Apple] only tried to stop my exploit from modifying LCs at runtime with the new check, or if they knew it would stop [incomplete codesigning] attacks.

That last tweet revives the debate about whether Apple is simply concerned about iPhone, iPad, and iPod touch security, or whether it specifically hunts down jailbreak exploits to close. Some, like the PDF exploit, are such a risk that Apple closes them as soon as possible. Others, like the ndrv_setspec() integer overflow, survived for months and several iOS updates.
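To make "incomplete code signing" concrete: an iOS code signature is a CodeDirectory that stores one hash per page of the file, but only up to a codeLimit offset. Anything the loader maps as executable from beyond that offset (or from a page whose stored hash no longer matches) runs without any hash vouching for it, which is the gap untethers lived in. The checker below is an added example written for this post; it is not Apple's dyld code, and the tweets above say nothing about how Apple's new check actually works. It assumes a 64-bit Mach-O with an embedded SHA-1 CodeDirectory (real signatures add a CMS wrapper and special slots this example ignores), and `build_sample` produces constructed test binaries with the hypothetical identifier `com.example.sample`, not real iOS executables.

```python
import hashlib
import struct

# Constants from <mach-o/loader.h>, <mach/vm_prot.h> and cs_blobs.h. Mach-O
# headers are little-endian on ARM; the signing blobs in __LINKEDIT are big-endian.
MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
LC_CODE_SIGNATURE = 0x1D
VM_PROT_READ, VM_PROT_EXECUTE = 0x1, 0x4
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
CSSLOT_CODEDIRECTORY = 0
CS_HASHTYPE_SHA1 = 1


def parse_macho(data):
    """Walk the load commands: return executable segments as (segname, fileoff,
    filesize) and the (dataoff, datasize) of LC_CODE_SIGNATURE, or None."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit Mach-O")
    off, exec_segs, codesig = 32, [], None
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd == LC_SEGMENT_64:
            name = data[off + 8:off + 24].rstrip(b"\0").decode()
            _, _, fileoff, filesize, _, initprot, _, _ = struct.unpack_from(
                "<QQQQiiII", data, off + 24)
            if initprot & VM_PROT_EXECUTE:
                exec_segs.append((name, fileoff, filesize))
        elif cmd == LC_CODE_SIGNATURE:
            codesig = struct.unpack_from("<II", data, off + 8)
        off += cmdsize
    return exec_segs, codesig


def parse_code_directory(blob):
    """Find the CodeDirectory in the SuperBlob and return (codeLimit, pageSize,
    per-page hashes). Bytes of the file past codeLimit are not hashed at all."""
    magic, _, count = struct.unpack_from(">III", blob, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("not an embedded signature SuperBlob")
    for i in range(count):
        slot, cd_off = struct.unpack_from(">II", blob, 12 + 8 * i)
        if slot != CSSLOT_CODEDIRECTORY:
            continue
        (cmagic, _, _, _, hash_off, _, _, n_code, code_limit,
         hash_size, _, _, page_log2, _) = struct.unpack_from(">9I4BI", blob, cd_off)
        if cmagic != CSMAGIC_CODEDIRECTORY:
            raise ValueError("bad CodeDirectory magic")
        first = cd_off + hash_off  # code slot 0; special slots sit before it
        hashes = [blob[first + k * hash_size:first + (k + 1) * hash_size]
                  for k in range(n_code)]
        return code_limit, 1 << page_log2, hashes
    raise ValueError("no CodeDirectory in signature")


def signature_gaps(data):
    """Return (label, start, end) file ranges that could execute with no valid
    hash behind them: executable bytes beyond codeLimit, or pages whose stored
    hash does not match the file. An empty list means the signature is complete."""
    segs, sig = parse_macho(data)
    if sig is None:  # unsigned binary: every executable byte is a gap
        return [(n, o, o + s) for n, o, s in segs]
    dataoff, datasize = sig
    code_limit, page, hashes = parse_code_directory(data[dataoff:dataoff + datasize])
    if len(hashes) != (code_limit + page - 1) // page:
        raise ValueError("nCodeSlots does not cover codeLimit")
    gaps = []
    for k, h in enumerate(hashes):
        end = min((k + 1) * page, code_limit)
        if hashlib.sha1(data[k * page:end]).digest() != h:
            gaps.append(("bad-hash", k * page, end))
    for name, off, size in segs:
        if off + size > code_limit:
            gaps.append((name, max(off, code_limit), off + size))
    return gaps


def build_sample(text_size, code_limit, page_log2=12):
    """Constructed test data, not a real iOS binary: a minimal arm64 Mach-O whose
    r-x __TEXT starts at file offset 0 and whose CodeDirectory hashes only the
    first `code_limit` bytes (a complete signature would hash all of __TEXT)."""
    page, ident = 1 << page_log2, b"com.example.sample\0"  # hypothetical identifier
    n_code = (code_limit + page - 1) // page
    cd_len = 44 + len(ident) + 20 * n_code
    blob_len = 12 + 8 + cd_len

    def seg(name, vmaddr, fileoff, filesize, prot):
        return struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, name, vmaddr,
                           filesize, fileoff, filesize, prot, prot, 0, 0)
    cmds = (seg(b"__TEXT", 0, 0, text_size, VM_PROT_READ | VM_PROT_EXECUTE)
            + seg(b"__LINKEDIT", text_size, text_size, blob_len, VM_PROT_READ)
            + struct.pack("<IIII", LC_CODE_SIGNATURE, 16, text_size, blob_len))
    body = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 3, len(cmds), 0, 0) + cmds
    body += b"\xc0\x03\x5f\xd6" * ((text_size - len(body)) // 4)  # pad with arm64 `ret`
    hashes = b"".join(hashlib.sha1(body[k * page:min((k + 1) * page, code_limit)]).digest()
                      for k in range(n_code))
    cd = struct.pack(">9I4BI", CSMAGIC_CODEDIRECTORY, cd_len, 0x20001, 0,
                     44 + len(ident), 44, 0, n_code, code_limit,
                     20, CS_HASHTYPE_SHA1, 0, page_log2, 0) + ident + hashes
    return (body + struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, blob_len, 1)
            + struct.pack(">II", CSSLOT_CODEDIRECTORY, 20) + cd)


if __name__ == "__main__":
    print("complete:  ", signature_gaps(build_sample(8192, 8192)))  # []
    print("incomplete:", signature_gaps(build_sample(8192, 4096)))  # second __TEXT page unsigned
```

The incomplete sample is a two-page __TEXT with a CodeDirectory that stops after page one: the kernel's page-hash check has nothing to say about the second page, and a loader that relies on the signature's mere presence would happily execute it. Note the last tweet's "modifying LCs at runtime" refers to the load commands this parser walks; a check like this only helps if it is applied to the load commands as they exist when the process starts, not to a copy that has since been rewritten.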

Either way, we once again thank the Jailbreak developers for their time and tenacity in always looking for new exploits and new ways to Jailbreak.

[@i0n1c, thanks @sethclifford]


Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.


Reader comments

Why does it matter? There is a patch in Cydia for the PDF exploit, so what is the reason to upgrade for a JBer?

Unfortunately for you, we've seen the last jailbreak for iOS 4 in JailbreakMe 3.0. Those who buy a new iPad or iPhone from here on out will have to wait quite a bit to jailbreak, IMNSHO. iOS 5 is still months away, and Apple is said to be making it harder for untethered jailbreaks on iOS 5. There is also new hardware to contend with in the iPhone 5, but eventually we'll see another jailbreak.

Wrong. JailbreakMe 3.0 was mainly for the debut of the iPad 2 jailbreak.
All the existing iOS devices, excluding the iPad 2 can be jailbroken, as long as the baseband stays the same.

Not untethered, just tethered JB, so pretty much anyone on iOS 4.3.4 is screwed for now unless they have saved their SHSH blobs and manage to downgrade to an earlier version.

Wrong. Anyone who, as of this past Friday, bought or will buy an iPhone, iPod touch, or iPad, with STOCK iOS 4.3.4 will NOT be able to jailbreak.
Nor will they be able to downgrade to 4.3.3, because, well, in order to downgrade to earlier firmware, such as 4.3.3, the device has to have had it to begin with. No SHSH, no downgrade, no jailbreak, no nuthin'.

LMAO, yeah, go to Android where malware rules :) Open source and root access means there is more room for someone to create a virus, and Android is open sourced and, as you said, allows root access. This is an iPhone post; take your Android-loving ass somewhere else.

I hate to feed an obvious troll, but open source != more room to create a virus. There are far more viruses for Windows and Mac OS X (both closed, but with some BSD-licensed parts) than there are for any variants of open-source *NIX. Open source means more eyes looking at the code, which means bugs get found faster, and patches released faster.
As for root access, if somebody has root access on your computer, you are screwed. But that is completely orthogonal to open source. On Windows they call it "Administrator," on OS X "Admin"; it is the same thing. Google for "elevated privileges exploit" and you will see tons of results for Windows, OS X, and even iOS, all closed systems.
Jailbreaking is a privilege escalation exploit. The closed nature of iOS does not prevent holes being found, typically within 1-2 days of each beta release.

We use iDevices here, yet we want root access on them. We ain't given up to become droid users. There's always a hole in every system. Just wait and see when iOS 5 is officially released.

Well, it was bound to happen eventually, but let's hope the dev team finds another way to do it untethered. I'm sure we won't hear of it till iOS 5 is out, so I'll stay on 4.3.2 for now.

I wish Apple would just stop the cat-and-mouse game and allow the jailbreak apps. It would give users the best of both worlds. Why is tweaking a few file systems or adding themes such a crime? If you want to protect the user, make sure the apps and tweaks perform their job before you let them into the store. Give me options; don't just close it off altogether.