Feeds

Jailbreak hole in iOS 4.1 will be hard to close

All Steve Jobs's horses and all Steve Jobs's men ...

Internet Security Threat Report 2014

Just hours after Apple released iOS 4.1 to great fanfare, hardware hackers found a way to jailbreak devices that run the new operating system. More surprising still, there doesn't appear to be anything Steve Jobs can do to stop them in the near future.

The exploit in the boot ROM of iOS devices was first announced by iPhone Dev-Team member pod2g. It was soon confirmed by other hackers, who said that because the exploit targets such a low-level part of the operating system, Apple won't be able to stop jailbreakers without making significant hardware changes.

That's in stark contrast to previous jailbreak holes, such as the one exploited for weeks on a site called Jailbreakme.com. That hack relied on two software bugs in iOS, allowing Apple engineers to stop the jailbreaking with a simple update. Ironically, an even earlier jailbreak known as the 24kpwn exploit was eliminated by tweaking iPhone 3GS phones to add — you guessed it — the vulnerable boot ROM.

All iPhones, iPod touches, and iPads that have shipped since November contain the same component.

Dev-Team members say there is still work to be done to fine-tune the exploit technique and that would-be jailbreakers are best served by forgoing the update to 4.1 for now. The admonition comes after they called iOS 4.1 a trap designed to prevent future jailbreaking and unlocks. ®

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.