A security update issued by Apple Wednesday fixed a pair of security vulnerabilities exposed by the JailbreakMe exploit, but according to security experts jailbroken iPhones are still prone to attack.
"Although we haven't yet seen malicious attacks via the JailbreakMe vulnerability, we recommend to install the patch right away," Mikko Hypponen, chief research officer for antivirus maker F-Secure, wrote Wednesday on F-Secure's blog. "This does mean that users who have jailbroken their devices and prefer to keep it that way will have to face the increased likelihood of malicious attacks through this vulnerability."
And hackers and developers continue to stay one step ahead of Apple.
Shortly after Apple patched two vulnerabilities, the maker of the JailbreakMe exploit quickly released the source code for JailbreakMe 2.0, opening it up for others to leverage.
Around 6 p.m. eastern on Wednesday, the developer known as "Comex" tweeted that the source code was available on his web site. Just weeks earlier, Comex developed and launched JailbreakMe 2.0, a hack that lets users jailbreak their iPhones by exploiting vulnerabilities in iOS. Jailbreaking lets users install apps on their Apple iPhones that aren't authorized by Apple.
Apple on Wednesday had issued fixes for two critical security vulnerabilities in iOS that could have disastrous implications for iPhone and iPad users. The update addressed the issues originally brought to light by Comex's JailbreakMe 2.0 release, which illustrated how to defeat two security mechanisms in iOS. The first vulnerability could allow attackers to access the iPhone by tricking user into clicking a PDF document with maliciously crafted embedded fonts, while the other allowed an attacker to obtain elevated privileges and gain complete control over the device.
In the Wednesday security updates, Apple said it addressed both iOS vulnerabilities "through improved bounds checking."
But according to security experts, hackers could now leverage the source code released by Comex to take control of, or hijack, Apple iPhones and iPads if users don't patch their devices quickly.
"We recommend that all iOS users, including those who have jailbroken their devices, would install the latest update now," Hypponen wrote in the blog post.
And some have already caught on. One Twitter users, dubbed MTWomg wrote: "using it to make malicious [stuff] now."
F-Secure's Hypponen tweeted that Comex's code "Impressive. And dangerous."
Comex first released JailbreakMe 2.0 earlier this month shortly after the U.S. Copyright Office okayed jailbreaking, saying it is no longer a copyright violation. Jailbreaking lets smartphone users add software and applications not authorized by the carrier or device manufacturer. Since the jailbreak ban was lifted, a host of developers have released hot applications for jailbroken iPhones.
|
10 New Mobile Device Management Solutions To Ease BYOD Headaches As smartphones and tablets continue to filter into the workplace, demand for mobile device management solutions is on the rise. Here are ten of the market's newest MDM platforms to help IT teams become BYOD-ready. |
|
10 'Green' Tech Products To Celebrate On Earth Day From printers to solar-powered tablet covers, here's a look at 10 of the "greenest" tech products on the market today. |
|
The 10 Ugliest Gadgets Of The Last 10 Years There have been plenty of technology products that have lacked beauty and grace. But these 10 ugly products take the cake. |
 More
Slide Shows |
