Major security flaw in Apple IOS iphone/Ipad
07 July 2011, 08:22 PM
#1
Scooby Regular
Thread Starter
Join Date: Sep 2002
Posts: 2,551
Likes: 0
Received 0 Likes
on
0 Posts
Major security flaw in Apple IOS iphone/Ipad
Please be careful out there!
It looks like there is a major security problem with all iphones and ipads
http://www.computerworld.com/s/artic...ble_on_the_Web
stay safe and put that IOS device down, my ipads being kept firmly under the bed until this is sorted out....
It looks like there is a major security problem with all iphones and ipads
http://www.computerworld.com/s/artic...ble_on_the_Web
stay safe and put that IOS device down, my ipads being kept firmly under the bed until this is sorted out....
07 July 2011, 08:45 PM
#3
Isn't there a risk hackers will make the exploit from this site into an iPhone virus?
When I released JailbreakMe 2.0 last year, some media reports focused on the security implications of releasing an exploit for unpatched vulnerabilities. I am not sure myself what to think of this, but here are some facts:
▻ I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run.
▻ There's always a first time, but I think there's a good chance the security impact of these vulnerabilities will remain theoretical. Despite JailbreakMe 2.0 being open sourced after an updated version of iOS was released, which would have made it relatively easy to modify the code into an attack, I didn't hear about any such modification except a proof of concept that showed up much later. The only iPhone virus ever to attack the general public was a trivial one that affected jailbreakers who installed OpenSSH (not installed by default) but left it at the default password.
▻ Along with the jailbreak, I am releasing a patch for the main vulnerability which anyone especially security conscious can install to render themselves immune; due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will ironically be the best way to remain secure.
▻ Jailbreak apps and tweaks improve the mobile experience of millions of users, including many who were encourged to try it by the ease of use of web-based jailbreaks. I'm not just doing this to be flashy: there is considerable benefit to writing this kind of tool rather than one that requires a connected computer.
Taken straight from Comex website
When I released JailbreakMe 2.0 last year, some media reports focused on the security implications of releasing an exploit for unpatched vulnerabilities. I am not sure myself what to think of this, but here are some facts:
▻ I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run.
▻ There's always a first time, but I think there's a good chance the security impact of these vulnerabilities will remain theoretical. Despite JailbreakMe 2.0 being open sourced after an updated version of iOS was released, which would have made it relatively easy to modify the code into an attack, I didn't hear about any such modification except a proof of concept that showed up much later. The only iPhone virus ever to attack the general public was a trivial one that affected jailbreakers who installed OpenSSH (not installed by default) but left it at the default password.
▻ Along with the jailbreak, I am releasing a patch for the main vulnerability which anyone especially security conscious can install to render themselves immune; due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will ironically be the best way to remain secure.
▻ Jailbreak apps and tweaks improve the mobile experience of millions of users, including many who were encourged to try it by the ease of use of web-based jailbreaks. I'm not just doing this to be flashy: there is considerable benefit to writing this kind of tool rather than one that requires a connected computer.
Taken straight from Comex website
07 July 2011, 08:52 PM
#4
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Please be careful out there!
It looks like there is a major security problem with all iphones and ipads
http://www.computerworld.com/s/artic...ble_on_the_Web
stay safe and put that IOS device down, my ipads being kept firmly under the bed until this is sorted out....
It looks like there is a major security problem with all iphones and ipads
http://www.computerworld.com/s/artic...ble_on_the_Web
stay safe and put that IOS device down, my ipads being kept firmly under the bed until this is sorted out....
Also, if you are jailbroken you can download a PDF fix from Cydia which will address the issue.
Apple has said it will be fixing the problem, but they have not given a release date for a fix.
Thread
Thread Starter
Forum
Replies
Last Post
The Joshua Tree
Computer & Technology Related
30
28 September 2015 02:43 PM