All the latest UK technology news, reviews and analysis
|
|
|
12 Aug 2010
Apple has issued an update to patch the iOS vulnerabilities disclosed earlier this month by iPhone 'jail-break' researchers.
The company posted updates for the iOS 4 software used by the iPhone and iPod touch and the iOS 3 firmware used by the iPad.
Both updates are distributed through iTunes, and can be installed by connecting the device to a computer running the application.
The updates block remote code execution flaws in the iOS PDF viewer and
IOSurface components which can be exploited through specially crafted web pages.
The vulnerabilities were discovered by a group of researchers from the iPhone
Dev Team, which used the flaws to provide a way to
remotely
jailbreak iPhone 4 handsets and allow the use of applications not approved
by Apple.
While the vulnerabilities were not being actively exploited, users were left vulnerable to attack should a malicious developer choose to adapt the procedure for a malware installation.
Michael Price, senior Latin America operations manager at McAfee Labs, told V3.co.uk that the patches should protect users from attack.
"This update should prevent malicious attackers from exploiting these issues, as well as prevent the jail-break technique from continuing to work," he said.
"Testing and verification of the fixes will be required in order to verify with certainty that the issues have been resolved. Also, while many devices will be updated and will no longer be affected, some (or many) will remain unpatched and at risk."
The iPhone Dev Team is warning users of jail-broken handsets not to install the update until a workaround can be developed.
Latest stories from Operating Systems
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Project Manager, London - Software Solutions (Project...
Project Manager - Hampshire - up to £32K - Fixed Term...
Senior Customer Support Consultant - 2nd/3rd Line Support...
C++/C#/Java developer for a global investment bank within...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Read the article not just the headline
Instead of jumping up and down complaining about how jail-breakers will be disdvantaged by this patch why not actually consider the ramifications of the flaw outside of the narrow purpose of jail-breaking to which it's so far been put. Apple are patching a vulnerability that allows arbritrary code execution on their device. That this vulnerability has been used to allow the handset to be jail-broken, and that this avenue for jail-breaking will therefore be closed, is irrelevant. Are the previous commentators seriously suggesting that Apple leave a know vulnerability open to hackers with more malicious intent just to avoid annoying those wanting to open up their phones? Get a grip.
Posted by: BadmanMonkey 16 Aug 2010
iPhone Unlock AKA Jailbreak
As it is now legal across the pond to "Jailbreak" your iPhone does that mean that the update is illegal as this stops you from doing something that is fundamentally yours to do in the first place?! Anyways, joking aside... has anyone phoned up Apple yet and asked for their phone to be Jail broken?
Posted by: Carl Dean 12 Aug 2010
Apple did a great job in security
Protectionism is a core element of the iPhone's success, in Apple's view -- but ultimately, this might come out as a decision that's difficult to defend, as it's legal to jailbreak as tutorials like "Jailbreak/unlock iPhone 3GS for iOS 4 on Mac"(posted by ifunia iphone column).
Posted by: stonee 12 Aug 2010
It's rather silly to be honest.
It was my understanding that the US government had ruled jailbreaking legal, so why Apple would upset the jailbreaking community now is confusing, but typical Apple (remember the Palm syncing with iTunes fight?). Grow up Apple, if people have bought their iPhone/iPod Touch/iPad it's theirs to do whatever they like with it. (by the way, my device isn't jailbroken, only because my computer won't let me as it's rubbish)
Posted by: Peter 12 Aug 2010