iPhone 3.1.4 / 3.2 to Patch Browser-Based Jailbreak Exploit?
Remember the old days when you simply pointed your browser to a website and voila, you had an instantly jailbroken iPhone? Those were the old iPhone OS 1.x days. The same jailbreaking technique may be possible again, unless and until Apple patches this exploit in the upcoming firmware.
As we informed you earlier today, at the Pwn2Own contest two hackers, Ralf-Philipp Weinmann and Vincenzo Iozzo, won the prize money of US $15,000 after they found a security flaw in the iPhone that could bring back the good old days of browser-based jailbreaking. According to Weinmann, who hacked the SMS database on the iPhone, the phone’s browser has to be pointed to a website that hosts the exploit code. The code then executes and uploads the entire SMS database to the server the phone visited.
If it’s possible to run such an exploit to grab the SMS database from the phone, then it’s also possible to perform an over-the-air (OTA) jailbreak of the iPhone. However, it’s highly likely that Apple will once again move to patch the bug. iPhone Dev-Team member MuscleNerd has also warned iPhone users via his Twitter account that Apple is likely to close this loophole soon, possibly via a new iPhone 3.1.4 or iPhone 3.2 firmware update.
"Userland exploits affect security for all iPhones so expect Apple to close these as soon as they can. JBers avoid updates!"