Apple investigating web-based exploit used for iOS 4, iPhone 4 Jailbreak

Apple is aware of the web-based exploit used to Jailbreak iOS 4 and the iPhone 4, which could also potentially allow malicious access to any iPhone -- Jailbroken or not -- and is investigating it.

While many users were thrilled at the rapidity and simplicity with which Comex et al. delivered an iOS 4 and iPhone 4 Jailbreak, that same exploit could just as rapidly and simply be used to hack any iPhone for any reason -- including malicious ones like stealing your data.

Tapping on a web link is far easier to get someone to do than downloading and running a program, and with this exploit being zero-day and in the wild, Apple will need to get it patched, and fast.

Until they do, the usual advice applies -- don't go to websites you don't trust completely, and don't click on links in emails if there's any chance they're malicious (go type the URL in the browser yourself).

[Reuters]

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

21 Comments
  • We would laugh when some company made a virus protection product for a smartphone. No need due to the nature of the device. Now I wonder if virus/malicious software programs are going to be the future for any device that has Internet access.
  • Here's where Apple bites themselves in the @$$. Because of their lockdown of access to the phone and inability to load your own apps (other than JB of course), it can be argued that Apple has an obligation to protect the end user from these malicious attacks and provide any and all necessary antivirus and antimalware software for their phones.
  • It's ironic that the media go to town on the non-issue of the antenna and then when a serious security exploit is revealed they haven't a thing to say about it. Except maybe that hey, you can jailbreak easily, isn't that convenient!
  • I do think they need to patch this hole but they also need to worry about fixing the proximity sensor! Come on Apple get your stuff together already!
  • Ironically, you can leave it to the jailbreak community to patch up this exploit :D
  • The real question to ask is if this is an iOS security hole or a mobile Safari hole that you could avoid using one of the other browsers in the app store?
  • And apple is worried about flash. Hmmmm
  • I agree this needs to be patched asap. Apple how about less focus on Game Center and more focus on security?
  • @Erik
    It is not a Safari bug -- it's a bug in the font handling of Apple's PDF Reader. (Not Adobe; Apple wrote this themselves.) Another browser would not help unless a) they did not hand off PDFs to Apple's PDF Reader or b) they at least prompted you before doing so.
    Mobile Safari is highlighted as dangerous because it hands off PDF links automatically, and without giving the user any idea that the link is a PDF. Safari itself is not the hole; Safari just makes it stupidly easy to blunder into the hole. Mail would be just as dangerous, as, really, would any application that leverages Apple's built-in PDF reader.
    Rene's advice to type in links will also not help you, in that a typed-in URL will still open up PDF reader and thereby trigger the bug. It is not bad advice because it makes you stop and think about what a link is before deciding to go there, but once you decide to go, a typed-in link is no more secure than a clicked one.
    @Nick
    There is an add-on that pops up a confirmation box before you open a PDF, which would provide at least some protection, though, perhaps ironically, it is jailbreak only. :) [ http://9to5mac.com/pdf-loading-warner-on-cydia ]
  • The question is, should jailbreaking still void your warranty when it's as easy to perform as it is? The new laptop you buy doesn't void its warranty when you get a virus, so what's to stop people from saying they didn't mean to JB, they just clicked on a link in an email and it was done without their knowledge??
  • Good question, Eric. Anyone know?
  • Tulliver,
    Apple voids the warranty because JB hurts their profits and their ego. It has nothing to do with the nonsense they put out that JB can damage a phone.
    A non-jailbroken iPhone is like a person with a PhD flipping burgers in McDonalds. It's like Einstein locked in a room with no access to his lab or his research.
    It's like a public computer where everything is locked down. Apple built a monster with the iPhone, but they also injected the monster with drugs to make it sleep.
    If Android, Palm, Samsung, Nokia, and everyone else had a brain in their advertising dept., they would put out commercials with apples inside a jail cell, and say something like "with our phone, you don't need to jailbreak to access its full potential".
  • Anyone else finding this jailbreak to be much buggier than previous ones?
  • Although it does void your warranty based on terms and conditions, a restore rids all proof of jailbreaking and therefore you can still use the genius bar for most issues you could have without any issues.
  • @Salami
    The interesting question is should Apple be permitted to void the warranty for something which can be triggered remotely by a security hole in Apple's own product? It would be like Microsoft (or Dell, or HP most likely) voiding the warranty on your laptop because of a virus delivered through a buffer overflow in Internet Explorer.
  • FaceTime over 3G
    1. Go to www.jailbreakme.com > slide to jailbreak (on the iPhone using Safari). Tap Cydia > user graphical only > complete upgrade.
    2. How to add a source: Tap Cydia > manage > sources > edit > add > http://elpelle6.com/repo/ > add source > keep clicking out of the potential alerts until it says to return to Cydia.
    3. Tap Cydia > search > search for rockapp > tap rockapp > tap install > tap confirm > it will begin downloading > when done tap return to Cydia.
    4. Tap Cydia > search > search for my3g 4.1.4 (no rock) > tap my3g 4.1.4 (no rock) > tap install > tap confirm > it will begin downloading > when done tap reboot.
    5. Tap the home screen button to exit Cydia > tap the my3g app > create a Rock ID > it will say license not found > tap exit > then it will say it found them and show apps that will think you're on WiFi > return to the home screen of the iPhone.
    6. Tap Cydia > search > search for rockapp > tap rockapp > tap modify > tap remove > it will begin uninstalling > when done tap return to Cydia > return to the iPhone home screen.
    7. Confirm you're on a 3G signal > test FaceTime with a friend or Apple themselves @ 1888FaceTime. DO NOT TELL THEM YOU'RE ON 3G or HAVE JAILBROKEN YOUR PHONE.
  • Well I would say they can void the warranty because don't you have to slide to jailbreak? If that's the case they can still claim YOU made the decision to do so. I had my 3G JB for a loooong time and never was worried about a voided warranty. If you need to see Apple for something throw a little restore on the phone and you are good to go.
  • @BrianT
    If you visit Jailbreakme.com, perhaps, because they are up-front about each step, but what if you get an email with a link to superhappyfuntime.com/evilFile.pdf, click on it in Mail.app, and are jailbroken that way? (Not a real link.) I am not saying these sites are rampant in the wild right now outside of jailbreakme.com, but the point is that such 0-day exploits of iOS 4 are possible, and they appear to be simple to create and disguise their intent. Should Apple be allowed to void a warranty for something that can be done accidentally through a flaw in Apple's product?
  • Once again you have to ask if it's time for Apple to step away from the single binary replacement method of updates.
    I can't help thinking that if they could push discrete modules out via iTunes (or whatever), this would be fixed by tomorrow morning at seven am.
  • Makes you wonder what good the fraud warning on Safari is. Most sites are legit. It is usually something lurking around on them that causes the problem. By the time the site fixes it, it's too late. Who checks all the ads on the free programs? Never click on any ad.