Apple this week released an anti-jailbreaking security patch for iPads and iPhones, but the fix didn’t totally do the job.
Apple’s downloadable security updates — iOS 3.2.2 for iPad and iOS 4.0.2 for iPhone and iPod touch — repair two underlying vulnerabilities exploited by Comex’s JailBreakMe.com, a Web site for users who wanted to jailbreak their own devices.
Through jailbreaking, you can run applications outside of Apple’s App store or remove apps that come pre-loaded with the gadget, for example.
One of the security vulnerability that JailBreakMe took advantage of allowed attackers running malware on iOS-enabled devices to gain system privileges.
The other flaw let attackers execute code when the user viewed a PDF document containing maliciously crafted embedded fonts.
iPhone 3GS Phones Still Vulnerable
However, Apple failed to also update the 05.13.04 baseband that comes with iOS 4.02, thereby still permitting jailbroken iPhone 3Gs running iOS 4.0.2 to get unlocked with a tool called Ultrasn0w, according to Taimur Asad, author of the Redmondpie blog.
Initially designed for unlocking iPhone 3G, 3GS, and 4 phones, Ultasn0w is produced by the iPhone Dev Team, another group of security experts.
While jailbreaking an iPhone simply provides read/write access to the file system in the OS, unlocking an iPhone allows the phone to accept SIM cards from multiple wireless carriers, enabling calls to be made on any of their networks.
While this might be great if you simply want to dump AT&T, for instance, it could spell trouble if you lose your phone and it falls into the wrong hands,
Also, the original iPhone or the iPod touch 1G “got left out in [the] cold” by Apple’s patches, Asad noted. In response, the iPhone Dev Team has now produced its own patches for the earlier devices.
Meanwhile, users of iPads, iPod touches, and other iPhones could also be at greater risk than before. In retaliation for the Apple patches, Comex has published the JailBreakMe exploit code on its Web site.
This move will make it easier for outside attackers to jailbreak gadgets belonging to users who don’t even wish their devices to get jailbroken.