Apple iOS Flaw Fix Won't Protect Jailbroken iPhones; JailbreakMe Code Released
A security update issued by Apple Wednesday fixed a pair of security vulnerabilities exposed by the JailbreakMe exploit, but according to security experts, jailbroken iPhones are still prone to attack.
"Although we haven't yet seen malicious attacks via the JailbreakMe vulnerability, we recommend to install the patch right away," Mikko Hypponen, chief research officer for antivirus maker F-Secure, wrote Wednesday on F-Secure's blog. "This does mean that users who have jailbroken their devices and prefer to keep it that way will have to face the increased likelihood of malicious attacks through this vulnerability."
And hackers and developers continue to stay one step ahead of Apple.
Shortly after Apple patched the two vulnerabilities, the maker of the JailbreakMe exploit released the source code for JailbreakMe 2.0, opening it up for others to leverage.
Around 6 p.m. Eastern on Wednesday, the developer known as "Comex" tweeted that the source code was available on his web site. Just weeks earlier, Comex developed and launched JailbreakMe 2.0, a hack that lets users jailbreak their iPhones by exploiting vulnerabilities in iOS. Jailbreaking lets users install apps on their Apple iPhones that aren't authorized by Apple.
Apple on Wednesday had issued fixes for two critical security vulnerabilities in iOS that could have disastrous implications for iPhone and iPad users. The update addressed the issues originally brought to light by Comex's JailbreakMe 2.0 release, which illustrated how to defeat two security mechanisms in iOS. The first vulnerability could allow attackers to access the iPhone by tricking a user into clicking a PDF document with maliciously crafted embedded fonts, while the other allowed an attacker to obtain elevated privileges and gain complete control over the device.
In the Wednesday security updates, Apple said it addressed both iOS vulnerabilities "through improved bounds checking."
But according to security experts, hackers could now leverage the source code released by Comex to take control of, or hijack, Apple iPhones and iPads if users don't patch their devices quickly.
"We recommend that all iOS users, including those who have jailbroken their devices, would install the latest update now," Hypponen wrote in the blog post.
And some have already caught on. One Twitter user, dubbed MTWomg, wrote: "using it to make malicious [stuff] now."
F-Secure's Hypponen tweeted of Comex's code: "Impressive. And dangerous."
Comex first released JailbreakMe 2.0 earlier this month shortly after the U.S. Copyright Office okayed jailbreaking, saying it is no longer a copyright violation. Jailbreaking lets smartphone users add software and applications not authorized by the carrier or device manufacturer. Since the jailbreak ban was lifted, a host of developers have released hot applications for jailbroken iPhones.