Security | Jailbreak iPhone, iPod Touch, iPad - Part 3

Jailbreak iPhone, iPod Touch, iPad

News about jailbreaking the iPhone, iPod Touch and iPad


Tag: security

One more step towards untethered iOS 5.1 jailbreak

Pod2g has bypassed ASLR at boot, making progress towards the public release of an iOS 5.1 jailbreak. ASLR (address space layout randomization) is a mitigation that places important memory regions at random addresses, so an exploit cannot rely on them being at fixed locations. This is one more step toward an untethered iOS 5.1 jailbreak for all devices, including the iPhone 4S, iPad 2 and the new iPad 3.

ASLR seems bypassed! Weird machines FTW. Time to ROP the payload.

Earlier this week pod2g revealed that the Chronic Dev-Team now has all the exploits required to release a userland jailbreak of iOS 5.1. It takes time to put them together into a public-ready tool.

Dropbox And Facebook iOS Apps Are Vulnerable To Credential Theft

This week Gareth Wright reported a security vulnerability in Facebook’s iOS app: the app saves its login credentials in a .plist file inside its own container, and anyone who obtains a copy of that .plist file can log into the affected user’s Facebook account from another device. Reportedly, the same vulnerability exists on Android devices.

Wright describes several ways a malicious user could obtain your login credentials, including a hidden application installed on a shared PC, a customized app, or a modified speaker dock that copies your plist.

According to Facebook, the issue only affects jailbroken or lost devices, since it requires physical access or the installation of a custom app on the device. But Wright and The Next Web pointed out that simply plugging the phone into any other device would be sufficient for a malicious user to gather these files.

The Next Web has confirmed that Dropbox for iOS is also vulnerable to this issue. Given that two apps as high-profile as Facebook and Dropbox are vulnerable to credential theft, it is likely that other apps are affected as well.

As many reports note, there is no sign that this method of gathering login credentials is being actively exploited, and for the time being users can protect their data by not plugging their devices into shared computers and charging stations.
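The root cause described above is an app writing credentials into a plain property list in its container instead of the Keychain. The following audit script is an added example, not code from the original post or from Facebook or Dropbox: it parses a plist and flags keys whose names look like credentials and whose values are non-empty. The sample plist, the key-name pattern and the key paths it reports are constructed for this example.

```python
import plistlib
import re
from typing import Any, List

# Key names that commonly hold secrets. The pattern is an assumption chosen
# for this example; extend it to match your own app's naming.
SECRET_KEY_PATTERN = re.compile(
    r"(token|secret|passw|session|cookie|credential|auth)", re.IGNORECASE
)

# Constructed sample: a property list of the kind an app might write into its
# own container (Library/Preferences or Documents). Not taken from any real app.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>AppVersion</key><string>4.1.1</string>
  <key>Account</key>
  <dict>
    <key>UserName</key><string>alice@example.com</string>
    <key>AccessToken</key><string>CONSTRUCTED-SAMPLE-TOKEN-0123456789</string>
    <key>ExpirationDate</key><date>2012-05-01T00:00:00Z</date>
  </dict>
  <key>Sessions</key>
  <array>
    <dict><key>session_key</key><string>constructed-session-value</string></dict>
  </array>
  <key>EmptyPassword</key><string></string>
</dict>
</plist>
"""

# Constructed plist with no credential-looking keys, for comparison.
CLEAN_PLIST = plistlib.dumps({"Theme": "dark", "FontSize": 14})


def _walk(node: Any, path: str, hits: List[str]) -> None:
    """Recursively visit dicts and arrays, recording the path of every
    secret-looking key that holds a non-empty string or data value."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else str(key)
            if (SECRET_KEY_PATTERN.search(str(key))
                    and isinstance(value, (str, bytes)) and value):
                hits.append(child)
            _walk(value, child, hits)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            _walk(value, f"{path}[{i}]", hits)


def find_plaintext_secrets(plist_bytes: bytes) -> List[str]:
    """Parse an XML or binary plist and return the key paths that appear to
    store credentials in plaintext. An empty list means nothing was flagged."""
    root = plistlib.loads(plist_bytes)
    hits: List[str] = []
    _walk(root, "", hits)
    return hits


if __name__ == "__main__":
    for key_path in find_plaintext_secrets(SAMPLE_PLIST):
        print(f"plaintext credential at {key_path}: move it to the Keychain")
```

Run it over every .plist in an app container pulled from a test device (or from a backup); anything it flags belongs in the Keychain, which is tied to the device and not copied out by a plain file transfer. The key-name check is deliberately broad and will produce some noise, which is the right trade-off for an audit.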

Dream Team will work on untethered iPad 2 and iPhone 4S jailbreak

Pod2g has recently announced that Planetbeing, MuscleNerd, and P0sixninja have joined his effort to release an iOS 5.0.1 untethered jailbreak for the iPhone 4S and iPad 2.

@planetbeing, the legendary hacker behind iPhone Linux and a lot of jailbreaks, has joined the A5 research! The famous @MuscleNerd, the leader of the iPhone Dev Team, who did a lot of tests for Corona and who integrated it and made it simple in redsn0w, is willing to help also. And last, but not least, @p0sixninja, the leader of the Chronic Dev Team and my partner for years on iPhone security research, has started to code and fuzz the Apple sandbox.

That means that we now have a dream team to create a public release of the A5 jailbreak.

Several days ago pod2g posted an explanation of why the A5 jailbreak had not been released yet. The key reason is that the bootrom exploit used for A4 devices (called limera1n) doesn’t work on A5 devices. The untethered iPhone 4S and iPad 2 jailbreak that we have seen in videos and photos relied on having a developer account.

We are sure that planetbeing, MuscleNerd, p0sixninja and pod2g make a great team. Hopefully they will find the necessary exploit and implement it fast, because Apple might release 5.0.2 or 5.1 and close the hole the untethered jailbreak depends on.

Jailbreakers and unlockers: don’t update to iOS 5.0.1

Apple has recently released iOS 5.0.1. It is still jailbreakable, but only tethered. If you want an untethered jailbreak or an unlock, you should stay away from 5.0.1.

Earlier this week pod2g reported that a code signing bug found in iOS 5.0 will make it easier for hackers to develop a full jailbreak for iOS 5 firmware. That bug might have been closed in iOS 5.0.1. UPDATE: According to pod2g the bug is still present, but harder to exploit, because another exploit found by Charlie Miller is fixed in iOS 5.0.1.

Also, MuscleNerd has warned iOS users via Twitter that there is no downgrade from iOS 5.0.1 to iOS 5.0 yet, and he recommends waiting until a downgrade mechanism is available.

Jailbreakers and unlockers should avoid today’s 5.0.1 until a flow for downgrading to 5.0 is developed.

Downgrade flow needs to be modified for AP “nonce” http://is.gd/b3G0io … saved SHSH blobs are not enough to downgrade to 5.0
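Why saved SHSH blobs stop being enough once the AP nonce is checked is easiest to see in a toy model. The script below is an added example and not Apple's format, code or algorithm: it models a signing ticket as an HMAC over the device ECID, firmware build and an optional nonce (HMAC stands in for Apple's asymmetric signature so the model needs no extra libraries), and then compares a device that ignores the nonce with one that requires it. The key, ECID, build string and nonce values are constructed.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional

# Stands in for the signing server's private key. A real device holds only a
# public key and checks an asymmetric signature; HMAC keeps this model simple.
SIGNING_KEY = b"constructed-demo-signing-key"


def _mac(body: Dict) -> str:
    """Authenticate the ticket body; sort_keys makes the encoding canonical."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


def issue_ticket(ecid: int, build: str, nonce: Optional[bytes]) -> Dict:
    """Simulated signing-server response (the 'blob' people save): it binds the
    device's ECID and the firmware build, and optionally the nonce the device sent."""
    body = {"ecid": ecid, "build": build, "nonce": nonce.hex() if nonce else None}
    return {"body": body, "mac": _mac(body)}


def device_accepts(ticket: Dict, ecid: int, build: str, boot_nonce: bytes,
                   nonce_required: bool) -> bool:
    """Simulated device-side check during a restore. Authenticity is checked
    first; the nonce comparison is what turns a saved blob into a one-time ticket."""
    body = ticket["body"]
    if not hmac.compare_digest(_mac(body), ticket["mac"]):
        return False                      # forged or tampered ticket
    if body["ecid"] != ecid or body["build"] != build:
        return False                      # ticket for another device or firmware
    if nonce_required and body["nonce"] != boot_nonce.hex():
        return False                      # stale or missing nonce: replay rejected
    return True


def replay_scenarios() -> Dict[str, bool]:
    """Every entry should be True; each one names the property it demonstrates."""
    ecid, build = 0x1234, "8H7"                     # constructed values
    nonce_when_saved = bytes.fromhex("aa" * 20)     # nonce at the time blobs were saved
    nonce_now = bytes.fromhex("bb" * 20)            # fresh nonce generated at this boot
    saved_blob = issue_ticket(ecid, build, None)                 # classic saved blob
    saved_nonce_blob = issue_ticket(ecid, build, nonce_when_saved)  # bound to an old nonce
    fresh_ticket = issue_ticket(ecid, build, nonce_now)          # only the live server can give this
    return {
        "old_firmware_replays_saved_blob":
            device_accepts(saved_blob, ecid, build, nonce_now, False),
        "nonce_firmware_rejects_saved_blob":
            not device_accepts(saved_blob, ecid, build, nonce_now, True),
        "nonce_firmware_rejects_stale_nonce":
            not device_accepts(saved_nonce_blob, ecid, build, nonce_now, True),
        "nonce_firmware_accepts_fresh_ticket":
            device_accepts(fresh_ticket, ecid, build, nonce_now, True),
        "ticket_for_other_device_rejected":
            not device_accepts(fresh_ticket, ecid + 1, build, nonce_now, True),
    }


if __name__ == "__main__":
    for name, ok in replay_scenarios().items():
        print(f"{name}: {'ok' if ok else 'FAILED'}")
```

The model shows the general replay-protection pattern rather than the details of any one restore flow: a ticket that binds only long-lived identifiers (ECID, build) can be replayed indefinitely, while one that also binds a per-boot random value is useless after that boot, so a downgrade tool needs the device to accept a ticket for a nonce it will actually present.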

Apple released iOS 4.3.4 that blocks the JailbreakMe exploit

Apple has released iOS 4.3.4 to block the PDF exploit used by comex in the JailbreakMe utility. JailbreakMe can jailbreak all devices on iOS 4.3.3 wirelessly, from the browser.

iOS 4.3.4 Software Update
Fixes security vulnerability associated with viewing malicious PDF files.

Products compatible with this software update:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad 2
• iPad
• iPod touch (4th generation)
• iPod touch (3rd generation)

For the Verizon iPhone 4, Apple released iOS 4.2.9.

The official information is available here: http://support.apple.com/kb/HT1222

Apple released new firmware iOS 4.3.2

Apple has released iOS 4.3.2 for the iPhone, iPad, and iPod touch.

This update contains improvements and other bug fixes including:

  • Fixes an issue that occasionally caused blank or frozen video during a FaceTime call
  • Fixes an issue that prevented some international users from connecting to 3G networks on iPad Wi-Fi + 3G
  • Contains the latest security updates

Products compatible with this software update:

  • iPhone 4 (GSM model)
  • iPhone 3GS
  • iPad 2
  • iPad
  • iPod touch (4th generation)
  • iPod touch (3rd generation)

For information on the security content of this update, please visit http://support.apple.com/kb/HT1222.

Apple has also updated the firmware for the Verizon iPhone to 4.2.7 although this wasn’t listed in the release notes.

Current jailbreak tools work with iOS 4.3.2 in tethered mode only. Please save your SHSH blobs for iOS 4.3.1 as soon as possible.

Here are direct download links for the latest firmwares:

device          | identifier | current version | date found
AppleTV (2G)    | AppleTV2,1 | 4.2.1 (8F202)   | 03/22/2011 16:12:01
iPad            | iPad1,1    | 4.3.2 (8H7)     | 04/14/2011 13:06:02
iPad 2          | iPad2,1    | 4.3.2 (8H7)     | 04/14/2011 13:06:02
iPad 2          | iPad2,2    | 4.3.2 (8H7)     | 04/14/2011 13:06:02
iPad 2          | iPad2,3    | 4.3.2 (8H8)     | 04/14/2011 13:06:02
iPhone          | iPhone1,1  | 3.1.3 (7E18)    | 04/08/2010 21:05:48
iPhone 3G       | iPhone1,2  | 4.2 (8C148)     | 11/22/2010 13:08:57
iPhone 3GS      | iPhone2,1  | 4.3.2 (8H7)     | 04/14/2011 13:06:02
iPhone 4        | iPhone3,1  | 4.3.2 (8H7)     | 04/14/2011 13:06:02
iPhone 4 (vz)   | iPhone3,3  | 4.2.7 (8E303)   | 04/14/2011 13:06:02
iPod touch (2G) | iPod2,1    | 4.2 (8C148)     | 11/22/2010 13:08:57
iPod touch (3G) | iPod3,1    | 4.3.2 (8H7)     | 04/14/2011 13:06:02
iPod touch (4G) | iPod4,1    | 4.3.2 (8H7)     | 04/14/2011 13:06:02
last updated: 04/14/2011 13:14:02 EDT

Android Market

This week Google has released a new version of its client app for Android Market, which will work on any smartphone running Android OS 1.6 or higher.

The company aims to make it easier to discover and purchase new software. That’s why the new Android Market will have a Cover Flow-like style of app listings and include new categories like Widgets and Live Wallpapers, since the catalog is currently filled largely with these kinds of software. Besides that, app pages will now have more info and links to related content.

Some changes were made to the refund policy. Previously a user could get his money back within 24 hours if he didn’t like the app he bought; now that window is shortened to 15 minutes.

As the number of Android devices continues to grow and it becomes hard for developers to make their apps compatible with as many existing handsets as possible, Google presents its new solution:

“To make it easier for developers to distribute and manage their products, we will introduce support for device targeting based on screen sizes and densities, as well as on GL texture compression formats.”

Another important feature of the new Android Market is a new app file size limit, which is now extended to 50 MB (earlier it was 25 MB). This is still 40 times smaller than the current limit for iOS apps (2 GB). This can be explained by the fact that iOS apps can be downloaded not only via the mobile client (like apps for Android), but also via iTunes, which can be connected to the Internet in any way and is thus capable of downloading such amounts of data. Nevertheless, some developers get around this limit by offering tiny Android apps that download the necessary files (like music, textures, video) of any size after purchase.

However, Google’s attempts to create a rival to the App Store are still not as successful as they could be. AppleInsider has studied the subject and found that Android’s openness has led to a number of cases where popular titles like Radiant were cracked and used as illegal copies by “97% of players in Asia, 70% in Europe and 43% in North America”. That’s why most developers, like Rovio (which created Angry Birds), offer free versions of their apps and earn money from showing ads. But that kind of income is not as profitable as offering paid apps, which makes iOS more attractive for developers than Android.

It was also noted that Android Market offers poor security for users, though this situation could be changed by cleaning up the store. At least, that is what DoubleTwist developer Jon Lech Johansen advised Google more than half a year ago, but the company has still not made any steps in that direction.

iPhone iOS 4.1 Jailbreak Released from GeoHot, called LimeRa1n

Famous hacker Geohot is back, and today he released the latest iOS 4.1 jailbreak. It is called LimeRa1n and supports the iPhone 3GS, iPod Touch 3G, iPad, iPhone 4 and iPod Touch 4G on iOS firmware 4.0-4.1 and beyond. It can also hacktivate your device, so there is no need for a SIM card or other tricks.

This software is still in beta and was updated 3 times in the last several hours. So use it with caution.

There is a Windows version only for now. Geohot plans to release LimeRa1n for Mac and Linux soon. You can download it here.

Some users report that they have jailbroken their iOS 3.2.2 iPads successfully with limera1n, while others report that they tried, but failed.

Do not forget to backup.

For many users of the iPhone 3GS and iPhone 4 with iOS 4.0.2 there is now hope to jailbreak using LimeRa1n and unlock using ultrasn0w. We recommend NOT doing it if you have not saved your SHSH blobs. You can try, but if something goes wrong without SHSH blobs you’ll have to restore to iOS 4.1, and there is no unlock for iOS 4.1 (possibly forever). Just wait for the PwnageTool utility.

The Dev-Team reported that Limera1n uses a different exploit than SHAtter, so they will not release the SHAtter utility: they don’t want to let Apple fix both security holes. However, they plan to release PwnageTool using the same exploit as Limera1n.


Known bugs:

  • some people must reboot to see Cydia
  • beta iOS versions aren’t supported
  • iPod Touch 2G support coming soon
  • for iPhone 3G use redsn0w 0.9.6 b1

Here’s a quick changelog of recent beta releases:

  • BETA1 – first release
  • BETA2 – fixed kernel patching magic, rerun BETA2+ over BETA1
  • BETA3 – fixed new bootrom 3GS
  • BETA4 – uninstall fixed, respring fixedish

Saurik released a PDF patch for older and already jailbroken iOS devices

As you may know, a few days ago Apple released a new version of iOS for all its mobile devices except the first-generation iPhone and iPod touch, so owners of the latter are still not protected from a security flaw that allows hackers to obtain remote control of their handsets. In fact, the latest compatible version for them is currently iOS 3.1.3.

But Saurik (known as the developer of Cydia) recently announced on the Dev-Team blog that he has released a PDF patch that is compatible with any iOS version down to 2.x. It can be found in Cydia if you search for “PDF Patch”. After installing it you can check that the patch is working properly by visiting the jailbreakme.com page. After sliding the box to jailbreak you should see only the star background (and not a dialog box), which means you are no longer vulnerable.

In its blog the Dev-Team also noted:

“Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as it’s out. Jailbreakers can have their cake and eat it too.”

iOS 4.0.2 for iPhone, iOS 3.2.2 for iPad Have Been Released

Today Apple released patches for iOS that address a security hole in Mobile Safari, which allowed users to jailbreak their iDevices. The PDF exploit used for that also allowed hackers to gain remote control over the device.

iOS 4.0.2 is available for:

Apple did NOT release the patch for the first generation iPhones.

iOS 3.2.2 is intended for the iPad and iPad 3G.

You can update your device via the links above or simply by connecting it to iTunes and clicking Update. But note: if you want to keep using your jailbreak, you should not update your handset/tablet, and don’t forget to back up your SHSH blobs.