[PCWorld]

Post your comments for JailbreakMe Exploits Serious iPhone Security Flaw here

[QUADICON]

Its not a security issue. Any browser whether mobile or desktop, is vulnerble. However, the vulnerability doesn't happen without user intervention. In this case, it requires the user to execute the commend needed. In this case download.

I have never seen a browser exploint that just happen automatically just because you visited a site. It requires at least 1 extra click.

The jailbreak worked, I have no complaints.

[bhawthorne]

I agree that the jailbreak worked well, and easily. Unfortunately, what if the pdf taking advantage of Userland hole wasn't on jailbreakme.com, but was on a site that you thought was reliable but wasn't? The security issue is that this could theoretically happen with any PDF file that you download on the web with your iPhone. Most people assume that iPhones are secure enough that they do not worry about things like malicious PDF files. How many PDF files have you interacted with on your iPhone? What kind of trojan horse could PDFs install on your iPhone using this hole?

I don't know the answer to these questions. While I trust comex and the other jailbreak writers, security through obscurity never works. How long until someone outside that group gets a hold of the hole (e.g., by analyzing the PDF that exploits it) and creates a malicious exploit?

[bhawthorne]

To followup, this is the reason why Apple should allow outside app installers like Cydia and Rock. If the outside developers weren't intent on keeping secret any security holes they could exploit for jailbreaks, those holes might actually be reported and plugged sooner

So, the result of Apple's insistence on not allowing you to install the software you want on your computer (iPhone, iPad, iPod) is that the devices are less secure.

[tonybradley]

You've never seen a browser exploit that doesn't require user intervention ON THE iPhone? Or on any platform? Driveby downloads and exploits that don't require user intervention are not uncommon.

Besides--it is not difficult at all to create a malicious exploit that directs a user to a Web site and then lures them into clicking on the trigger to initiate the download.

[xyberviri]

When it happens on windows everyone complains about how m$ is all evil and wants money, when it happens on Apple everyone says they do it to protect inovation. when the hackers do it to give you something you want they say oh its just the means to the end so dont worry about it.

i can't wait for the day when everone stop bashing everyone elses stuff and just lets things be. "I hate ....." is the dumbest statment i have ever heard from anyone.

[malsip]

Quadricon wrote:
>> QUADICON posted Tue Aug 03 07:10:28 PDT 2010
>>Its not a security issue. Any browser whether mobile or
>>desktop, is vulnerble.

Not a security issue? Please, if you don't understand technology, don't make comments on it. Misleading and horribly inaccurate statements like this end up causing great harm to inexperienced folks who might believe it. This is a major security issue, and, no, "any browser whether mobile or desktop" is NOT vulnerable.

further:
>> have never seen a browser exploint that just happen
>> automatically just because you visited a site. It
>> requires at least 1 extra click.

Utter nonsense. There are tens of thousands of such exploits. No 'extra click' required. You visit the site, you're cracked. Simple as that.

[bija27]

This is the easiest jailbreak ever! I am so envious of Canadians and people who live in countries where they can buy a factory unlocked iPhone to use with any carrier. I jailbreak my iPhone because I want to use TMobile as my carrier. I don't care about unauthorized apps. I could live with only Apple-approved apps, but I want to use whatever carrier I choose. I would be willing to pay more for an iPhone that is factory unlocked.

[Candide08]

Citizen Job's dying words... "alpine, alpine..."

[dbinvermont]

Let's not loose sight of the real issue here. The Jailbreakme web site is not the problem, the vulnerability already existed. If there is something to exploit, it will happen regardless.
If the Iphone was not so proprietary, Jailbreakme.com would not be neccessary.
I say jailbreak away.

[ZacShan]

My iPhone is factory unlocked and my OS is 4.0.1 (latest version). Now if I jailbrake my iPhone and later can I update iOS 4.0.2? will it work? or get locked? Can anybody help me? email me zacshan@gmail.com

[BDotG1992]

Why Do Admins Need To Stop People From Jailbreaking? Last Week A High Court Judge Ruled That Jailbreaking Is Not Illegal And It Is Up To The Customer Whether They Wish To Jailbreak. However If That Customer Installs Cracked Apps On Their Device Then Yeah Admins Should Be Able To Stop Them But Other Than That There Is Nothing Wrong With Jailbreaking! It Just Makes A Good Device, Better! Thanks

[tonybradley]

@BDotG1992

It is also not illegal for people to install legally licensed software on their computer, but IT admins should restrict and control that activity as well.

First of all, the fact that the United States Copyright Office ruled that jailbreaking the iPhone is not a violation of copyright or the DMCA doesn't mean that it couldn't violate other laws in some way, and it violates the Apple warranty.

Second of all--even if it were guaranteed not to be illegal, and even if Apple gave jailbreaking its blessing and would continue to provide warranty support--IT admins need to be able to manage the smartphones such as the iPhone within their environment, and they need to be able to meet compliance requirements and protect communications and the data stored on the device. They can't meet those objectives if users are jailbreaking the iPhone and installing a bunch of underground apps without approval.

[bbvammy]

Why would I want to use iPhone knowing other people can use this security flaw for their own evil intend.

I would ask Apple to fix it ASAP.

[amingilani]

JailbrokenMe patches the vulnerability after its download. Hence, in this scenario atleast, Jailbreaking is the right thing to do. What moron came up with a tool against this..
Not trying to start a flamewar, but in essence, the tool basically notifies an admin if a user patches the vulnerability, so that the admin can revert the patch.