Jailbreaking can make iOS devices more secure [UPDATE: Apple working on a fix]

Jailbreaking can make iOS devices more secure [UPDATE: Apple working on a fix]

Summary: What happens when a zero-day vulnerability -- one that will take days, maybe weeks, to be fixed by Apple -- has already been patched by the jailbreak community

SHARE:
TOPICS: Mobile OS, Apple
26

Yes, you read that right. Jailbreaking your iOS devices can make them more secure.

One of the reasons given by Apple for locking down the iOS platform is security. A locked down OS is more secure than one that isn't because it doesn't allow unsigned code to be run on the platform. But what happens when a zero-day vulnerability is discovered that allows the security system to be bypassed that will take days, maybe weeks, to be fixed by Apple has already been patched by the jailbreak community? This is when a jailbroken device becomes more secure than one protected by Apple's security mechanisms.

And this is the situation that millions of iOS device owners find themselves in today. Yesterday the JailbreakMe.com website was resurrected and this gave almost all iOS device (iPod touch, iPhone and iPad) owners a simple way to jailbreak their hardware. The site does this by making use of a zero-day vulnerability in the mobile Safari browser related to the way it handles PDF documents. In this instance the vulnerability is being used to jailbreak the device, but there is nothing preventing hackers from reverse-engineering the hack, loading it into any PDF file and using it to do something far more nefarious.

'Comex,' the creator of the JailbreakMe.com website seems to be well aware of the fact that this vulnerability could be used to do bad things:

"I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run."

On top of that, the jailbreak community has made a patch available to those running jailbroken devices. This means that the minority who jailbreak their devices are offered protection from this vulnerability, while millions who don't jailbreak are left waiting on Apple for a fix.

So, if you're not up to jailbreaking, what should you do? Here's what security firm Intego suggests:

Apple should release a security update to iOS in the near future to deal with this vulnerability. In the meantime, users are advised to avoid downloading or viewing PDF files from untrusted sources on their iOS devices.

Take care out there!

[UPDATE: As pointed out to me by Sean Sullivan via the F-Secure Labs Twitter account, the PDF vulnerability exists for the 2nd generation iPod touch too, and since this device is no longer supported by Apple, these users will never see a fix from Apple.]

[UPDATE 2: Apple spokesperson Bethan Lloyd said that the company is "aware of this reported issue and developing a fix that will be available to customers in an upcoming software update."]

Topics: Mobile OS, Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

26 comments
Log in or register to join the discussion
  • Gotta wonder...

    ...if this PDF vulnerability exists in OS X as well as iOS.
    wolf_z
  • What is your trust model?

    If you agree that the "community" will provide the update faster than Apple, then you also agree to accept code that might have malicious intent. I highly doubt that many downloaders will inspect the code to determine the update fixes the 0-day and subsequently that its intent is harmless. Your putting LOTs of trust in the hands of others, I don't know which one is worse.
    encrypto99
    • RE: Jailbreaking makes iOS devices more secure

      @encrypto99
      Not everyone in the community are here for nefarious purposes. At least this was brought to light before apple has a chance to deny the problem then fix it later as is there natural order of process a perfect example is the MacDefender outbreak that was denied until it was out of control on the forums. I'd rather trust someone that brings it to light with a fix than wait for a company to deny it for weeks THEN release a fix. Who knows, apple might steal this guys fix and say it was theirs like Wi-Fi sync and the pull down status bar stolen from android.
      Nate_K
      • RE: Jailbreaking makes iOS devices more secure

        @Nate_K Oh that's right, I totally forgot that Android devices were the first ever to Wi-Fi sync. You hate Apple, we know this. Why bother posting since it has no affect on you and in your little dream world you would probably love to see this exploited on all iOS devices.
        non-biased
  • RE: Jailbreaking makes iOS devices more secure

    Funny, wasn't the first iOS vulnerability caused by Jail Breaking? It was a while ago, but I seem to recall it had something to do with a default password that would allow remote access of the phone?
    YaBaby
    • RE: Jailbreaking makes iOS devices more secure

      @YaBaby You're referring to SSH, which allows wireless communication between a an iPhone and other devices. This happens ONLY if you download SSH on the iPhone, which creates a default password etc..
      JordanR121
      • RE: Jailbreaking makes iOS devices more secure

        @JordanR121 Exactly and as you download SSH they also give you explicit instruction about how to change the password so that you are no longer vulnerable. Anyone capable of jailbreaking and then figuring out SSH is also quite capable of changing a password. I don't know how long this vulnerability existed before it was addressed, but when I put SSH on my phone it was well explained.
        littlemas2
    • RE: Jailbreaking makes iOS devices more secure

      @YaBaby You are partially correct. But the issue wasn't so much the jailbreaking itself as user enabling SSH and not changing the default password even though they were warned to do so.
      athynz
  • RE: Jailbreaking makes iOS devices more secure

    Apple IOS = FAIL (again)

    This is becoming much more common news. And it's friggin hillarious. Must suck for Steve Jobs to have to climb down off that pedestal he put himself up on......
    Nadaphanboi
    • RE: Jailbreaking makes iOS devices more secure

      Nadaphanboi=FAIL

      This is "common news" because the tech media loves to hate Apple - as do you Apple haters - and hating on Apple leads to page hits from ABAers like yourself who come by to give yet another variation on the whole "Apple sucks" mantra, the die hard frothing at the mouth mactards who insist that there could be nothing wrong with anything Apple makes, does, or says, and those like me who counter the FUD from both sides of your immature little pissing match.

      Just thought I'd put it all into perspective for you. You're welcome.
      athynz
      • @athynz: Watch that hate of yours and your personal attacks

        @athynz
        Unbecoming. Uncalled for.
        honeymonster
      • RE: Jailbreaking makes iOS devices more secure

        @athynz Well said but you know reason doesn't work with the small minded haters for the over the top fanboys.
        non-biased
    • RE: Jailbreaking makes iOS devices more secure

      @Nadaphanboi Amen to that xD
      ozl@...
  • RE: Jailbreaking makes iOS devices more secure

    I am quite sure that Apple really loves the jailbreak community. They get a bunch of free technical work that helps them figure out their vulnerabilities and gives them great ideas for new and useful features for their next OS update. I think it is funny that with each successive iOS they incorporate more and more of the features that I have been using on my jailbroken iphones for years.
    littlemas2
  • RE: Jailbreaking makes iOS devices more secure

    The last few times something like this has happened the jailbreaking community released a fix prior to Apple doing so...
    athynz
  • So, let me see if I can follow your reasoning.

    It's Apple's fault that it might take them days or weeks to patch a flaw that was deliberately kept from them by the hacker community so they could use it to jailbreak iPhones.
    fr_gough
    • RE: Jailbreaking makes iOS devices more secure

      @fr_gough Oh, I see. Apple relies on the hacker community to find flaws in their software? I guess Apple doesn't know their software as well as hackers.
      TomDavisSr
      • RE: Jailbreaking makes iOS devices more secure

        @TomDavisSr And apparently Google and MS don't know their software as well as the hackers either so what is your point?
        non-biased
    • RE: Jailbreaking makes iOS devices more secure

      @fr_gough In a word....yes.<br><br>Shouldn't Apple be responsible for finding it's own problems(flaws)? When did it become our job to find and fix their issues? I don't remember getting a pay check from Apple. Anyone else?
      Com69
      • RE: Jailbreaking makes iOS devices more secure

        @Com69 He didn't say it was anybodies responsibility other than Apples. He simply pointed out that rather than notifying Apple of the issue they withheld it so it could be used to their gain. Seems just like what hackers to for malicious attacks on Windows and Android to me.
        non-biased