“As expected, Apple released the 1.1.2 update for the iPhone overnight to coincide with its debut in the U.K. and Germany. As not expected, it’s been sprung from jail already,” Tom Krazit reports for CNET.
“New code for the 1.1.2 update was released last night by the same people responsible for the JailBreakMe program. It’s still pretty raw, which means it’s not really meant for those of us who aren’t familiar with the command line. The latest hack works by applying the code to an iPhone that’s still running the 1.1.1 firmware, then installing the 1.1.2 update,” Krazit reports.
“‘Jailbreaking’ your iPhone means that you’re opening it up to third-party applications without Apple’s authorization. Apple plans to release a software developer’s kit in February that will let developers and users put authorized applications on their iPhones and iPod Touches,” Krazit reports. “It’s not clear whether the 1.1.2 update disabled phones that had been unlocked to run on other mobile networks, as was the case the last time Apple released an iPhone update.”
Full article here.
iTunes is still not releasing the update, where can I get the update and how do I install it? Help pls?..
This is probably because this update wasn’t meant to improve iPhone security, it was just the update for the phones going international. Not every update is going to be hard to break, obviously if it went this fast Apple didn’t make a serious effort to prevent unlocking with this patch.
This is getting a bit embarrassing for OS X and Apple. Is it that easy to really break into OS X?
Thank goodness these hackers don’t have malicious intent at this point.
Also it makes me wonder if they had the same intensity in breaking into OS X on Macs, would it be that easy?
I hope not!
Come on Apple, you can do better………. Make the hackers work a bit harder!
@Shinobi
Go troll somewhere else
Hacking OS X probably will not be that difficult, if the hacker has root access. In the case of iPhone hack, I assume iPhone owner is giving hack code root access permission.
“This is getting a bit embarrassing for OS X and Apple. Is it that easy to really break into OS X?”
yeah come on, surely you keep people who actually own and have physical access to a device out of… it…. wait…….
are you really that ill-informed?
MW: “probably”
“Also it makes me wonder if they had the same intensity in breaking into OS X on Macs, would it be that easy? “
Yes, and if they had the same type of access to your Mac – unlimited physical access, that is – it would be that easy.
Ignorant or troll? Does it matter?
So far, everyone, even the security experts, who has hacked OS X has done so on their own system or phone using their own root access.
Is it really hacking if you break into your own device?
Oh look, I erased my hard drive, OS X is shite!
I am not a Troll nor “ill-informed”. I own an Intel MacBook Pro and a Mac mini. I have convinced many friends and family members to buy Macs. In fact all but a few friends/family members now own Macs.
One of the primary reasons I bought my Macs was for the stability, Unix foundation(I am a graduate Computer Science Student), and security!
I love my Macs… but Apple is starting to make me wonder about how seriously they are taking Security.
The hackers jail breaking the iphone/itouch within hours of the update releases is not what I would call being serious about security.
Most of these hackers are mostly interested in the iphone, but If they were just as focused on exploiting Macs, could they do it this easily?
I think Apple can do better than letting hackers jail break the iphone within hrs of its firmware update. I understand the TIFF exploit in the previous Jailbreak 1.1 is an overflow exploit that had existed for a while. It should have been fixed long before now.
All the quicktime buffer overflows have gone un-patched all this time until, what last week?
Also, when Safari was first released for Windows, within 1 day they found multiple exploitable buffer overflows. Any of these could allow an attacker to own a Mac.
All I am saying is that, I want Apple to focus harder on security. If we all ignore or accept this type of behavior, we are not doing Apple or ourselves any favors.
We want our Macs/iphones as secure as possible. If these hackers can jail break the iphone so can malicious attackers. Apple needs to do better.
I hope I will not be further attacked for stating a serious concern here, that we all should care about
Apple can do better than this.
Not true…
One of the Jail breaks, if I remember correctly took root of iphones that visited a webpage. No downloads, no phishing. Just visiting a website that was crafted to do a buffer overflow to gain root access of the device.
That’s basically how the additional software gets installed. Is that easy enough for you?
@ I am not a troll
if you were any type of skilled computer science student you would know that when one is attempting to crack a code base for a period of time that is longer than the upcoming update to an OS one would know to look for exploits that will remain unpatched after the update for the initial patch. what we are seeing here is a direct challenge to Jobs’ own challenge regarding the cat and mouse game. Steve Jobs said they needed to stay ahead of the breakers in the iphone’s cat and mouse game. He should have known that this is an unwinnable game. Apple does not have all the skilled code junkies. This breaking is a reversal to his challenge. Apple now needs to catch up not stay ahead.
Madrox199,
MDN had an earlier post with the links.
http://macdailynews.com/index.php/weblog/comments/15468/
That would be one helluva exploit if some hacker cracks the iPhone, only to brick every one of them after the delay trigger goes off.
“This is getting a bit embarrassing for OS X and Apple. Is it that easy to really break into OS X?”
I think everybody understands by now that any pretense that OS X is more secure than any other OS is a myth.
“Yes, and if they had the same type of access to your Mac – unlimited physical access, that is – it would be that easy. “
Except the iPhone isn’t a system where you can just put a CD in, boot and start hacking. It’s a system where all attacks must be initiated remotely or with normal user privileges from the phone.
Care to back that “myth” comment up with some facts?
Can’t? Thought so.
There is not one virus, spam or spyware that can gain access to your machine without the user, obviously being an idiot, doesn’t have to authenticate.
The new one, found on the porn site? Has to be authenticated. Don’t do it, no issue.
Sadly the “other” OS, allows for things to be installed without the owners consent.
Doesn’t add video, voice notes, or improve stability… therefore is not a necessity.
Apple’s stock makes record high…. AGAIN.
The apple has fallen.
“The hackers jail breaking the iphone/itouch within hours of the update releases is not what I would call being serious about security.”
So, right now, I could email you a set of instructions that will allow you to erase every file on your desktop… THAT’S your security risk? There is no system made that will offer 100% security as long as the “attacker” has access to the hardware. The hackers aren’t breaking into YOUR phone, they’re breaking into their OWN phone, then posting instructions on how others can break into THEIR own phones.
“No downloads, no phishing.”
Oh, there was INDEED phishing… to the tune of “Come to our website and jailbreak your phone for free!” If you’re stupid enough to go there, then you deserve whatever comes out of it.
Maybe Apple could leave some free rein to “hackers” and dedramatize the unlocking thing… after all many countries’ laws will forbid the phones locking, and Apple will have to sell iPhones there too.
For the moment, illegal unlocking is yet too hazardous for most of non geeks.
Again,
The previous jail break could gain root access to the iphone by you just visiting a URL with Safari on your iPhone. It was not necessary for you to do anything other than visit a web site to get rooted.
Likewise earlier in the year at the CanSec conference where a hacker won 10,000 because he broke into a Macbook pro using a similar type of exploit. That if you visited a web site, it executed a buffer overflow and he gained access to your account.
I think it only took like 9 hours for him to find this exploit. Likewise, I am aware that the iphone hackers could have already been working on another un-patched exploit before apple released their patch yesterday.
But that is exactly my point. Are there that many holes in Apple’s code, that 1) they are not aware of them or 2) They don’t prioritize fixing them?
Either way, I want Apple to do better. Likewise with the CanSec contest. How long would the hole he exploited be in OS X, if it were not for that contest?
We are lucky that these Hackers are not Malicious. Please don’t go to the illogical argument that You would not visit a malicious web site. Because the really good ones you can’t tell the difference.
Like Alicia Keys’ MySpace website, the NFL website that was hacked, and others. Many users are not expecting legitimate websites to be hacked. It can happen to just about anyone as these attacks become more widespread.
Can you point to the news of the hacker winning $10K?
AFAIK that never happened
‘I think everybody understands by now that any pretense that OS X is more secure than any other OS is a myth’.
Only if the FUD and misinformation has fooled all of the people all of the time my friend. That I very much doubt, though I do wonder whether you are simply one of the fools who believe it or one of the instigators of that FUD. Or of course you could simply supply the facts to support your claims, which would indeed be a real first.
On a more serious point however ie that it is a ‘no win’ situation for Apple to try to keep up with the hackers I simply don’t agree. Succeeding in preventing or making the process too drawn out for all but the Geek without a life or his/her immediate friends, is all that they need to do to keep the problem under control in the greater market place. The main danger here would be alienating too many people who have bought such phones and have then been left high and dry upon an update and who take it out on Apple.
@Shinobi
“Can you point to the news of the hacker winning $10K?
AFAIK that never happened”
Any google search will show many Articles on this hack. This one is from MacWorld.
$10,000 Mac hack affects Windows too
By Robert McMillan, IDG News Service
http://www.macworld.com/news/2007/04/25/qthack/index.php
The bug that helped security researcher Dino Dai Zovi claim a $10,000 prize at last week’s CanSecWest security conference affects Windows systems too.
That’s because the flaw that Dai Zovi exploited actually lies in the way Apple’s QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com’s TippingPoint division, which put up the $10,000 prize. QuickTime runs on both Windows and the Mac.
When first reported last week, Dai Zovi’s bug was thought to lie in Apple’s Safari browser, a standard component of Mac OS X. But users of Firefox — which supports QuickTime on both Windows and the Mac — are also at risk, Forslof said Tuesday.
In terms of seriousness, the bug is comparable to the animated cursor vulnerability that was recently patched in Windows, Forslof said. The bug “is the equivalent to a ‘click and you’re owned’ vulnerability,” she said.
Shinobi:
Where is the link to this CanSec so-called “exploit”? What were the conditions and set criteria of this exploit? From your description [only took like 9 hours for him to find this exploit], it sounds like the ‘hacker’ had direct access to the MacBook Pro itself. For NINE hours!? Whatever that’s called, it isn’t called a ‘hack’, in the malicious sense.
I’m sure you’re aware that almost all genuine, malicious hacks are committed remotely, whether on PC as is the routine, or a Mac as is yet to be seen in the wild. Currently, to exploit my Macs remotely requires me to give access by agreeing to install a web app from an unknown source. Assuming I’m not completely stupid, then that leaves me to invite some prick of a hacker into my house and offer my G5 Quad to play with. Now that’s not very likely is it?
If you think I’m wrong, and there are many examples of hackers gaining direct access to a Mac then tell us in detail about them – oh, and provide a link or some other validation. In other words prove it, by providing evidence. Without being fact-checked it amounts to nothing more than personal anecdote – and therefore worthless.
@ Huey Long,
He did not have direct access to the MacBook. In fact, he was not even at the CanSec conference.
It happened, see this link…there are others too. It’s the same type of thing (buffer overflow) being used to jail break the iphone.
http://www.geeksaresexy.net/2007/04/22/pwn-to-own-hack-a-mac-win-a-macbook-pro-and-10000/
Obviously there are many of these vulnerabilities in iPhone, which is why they can continue to jail break them so easily.