More Details About Apple Plugging Exploits For Untethered Jailbreaks In iOS 4.3.4 And Up [MUST READ]
Yesterday, we reported that iOS 4.3.4 won’t be receiving an untethered jailbreak from the hacking community anytime soon. The i0n1c exploit used to untether iOS 4.3.x has been patched by Apple, and new details have emerged about exactly what was fixed.
Stefan Esser, aka i0n1c, is an independent iOS hacker (i.e. he belongs to neither the iPhone Dev-Team nor the Chronic Dev Team); his kernel exploit is what the Dev-Teams’ tools relied on for the 4.3.1 to 4.3.3 untether. More broadly, every untethered jailbreak the Dev-Teams have shipped for iOS 4.1 and up has been built on incomplete code-signing attacks.
That exploit has been patched in the latest iOS release, 4.3.4. The firmware came out two days ago in reaction to Comex’s JailbreakMe 3.0, which used a PDF exploit (a bug in the font parsing of the PDF renderer, reachable simply by visiting a web page in Safari) on iOS 4.3.3 to jailbreak every iOS device, iPad 2 included, running that firmware.
The PDF exploit used by JailbreakMe is, of course, also a security risk: anything that can get the device to render a crafted PDF gets the same code execution the jailbreak uses. It’s good to see Apple update iOS so quickly, but the update is bad news for jailbreaking enthusiasts because it closes two very important holes, as i0n1c explained on Twitter:
For those that did not get it: iOS 4.3.4 does not only fix jbme3 as announced, but also silently kills the ndrv_setspec() integer overflow.
In addition to that iOS 4.3.4 also adds code to dyld to detect attacks with binaries using "incomplete codesigning".
"Incomplete codesigning attacks" were used for all untether exploits from at least iOS 4.1.0
In plain terms: the ndrv_setspec() integer overflow was the kernel bug behind the 4.3.1 to 4.3.3 untether, and “incomplete codesigning” is the userland trick (a Mach-O that carries a code signature which does not cover all of the binary’s contents) that every untether since iOS 4.1 has used to get its own code running at boot before it can attack the kernel. With the kernel bug fixed and dyld now detecting the signing trick, iOS 4.3.4 won’t be receiving untethered jailbreak-love anytime soon.
A significant consequence: in the very near future, every iOS device sold in Apple Stores will ship with iOS 4.3.4, which can’t be jailbroken untethered…
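To make the integer-overflow half of that concrete, here is an added C illustration of the bug class, written for this article rather than taken from XNU. It does not reproduce the actual ndrv_setspec() code (the post gives no details of it); the struct demux_desc type, the MAX_DEMUX_DESCS cap and the 0x08000001 count are example values chosen here. It shows a user-supplied element count multiplied into a 32-bit allocation size with no bounds check, the wrapped result that leads to an undersized buffer, and the checked version a kernel should use instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor type standing in for a kernel structure that user
 * space submits an array of. Its 32-byte size is chosen for this example. */
struct demux_desc {
    uint32_t type;
    uint32_t length;
    uint8_t  data[24];
};

/* Largest array a well-behaved caller could legitimately need (example value). */
#define MAX_DEMUX_DESCS 16u

/* Vulnerable pattern: the element count comes straight from user space and is
 * multiplied in 32-bit arithmetic with no bounds check. For count = 0x08000001
 * the true product is 0x100000020, which wraps to 0x20, so the caller would
 * allocate 32 bytes and then copy 0x08000001 descriptors into them.
 * Returns the (possibly wrapped) size. */
uint32_t naive_alloc_size(uint32_t user_count)
{
    return user_count * (uint32_t)sizeof(struct demux_desc);
}

/* Hardened pattern: reject zero or oversized counts before doing arithmetic,
 * and check the multiplication for overflow explicitly. Returns 1 and writes
 * the byte size to *out on success, 0 if the request is rejected. */
int checked_alloc_size(uint32_t user_count, size_t *out)
{
    if (user_count == 0 || user_count > MAX_DEMUX_DESCS)
        return 0;
    /* Not reachable with the cap above, but keeps the overflow check local
     * so the function stays safe if the cap is ever raised. */
    if ((size_t)user_count > SIZE_MAX / sizeof(struct demux_desc))
        return 0;
    *out = (size_t)user_count * sizeof(struct demux_desc);
    return 1;
}

/* Models the copy-in step without touching real memory: returns 1 if the
 * bytes the copy loop would write exceed the bytes the naive path allocated,
 * i.e. if the naive path would overflow its heap buffer. */
int naive_copy_would_overflow(uint32_t user_count)
{
    uint64_t bytes_needed    = (uint64_t)user_count * sizeof(struct demux_desc);
    uint32_t bytes_allocated = naive_alloc_size(user_count);
    return bytes_needed > bytes_allocated;
}

int main(void)
{
    uint32_t evil = 0x08000001u;
    size_t sz_ok = 0, sz_bad = 0;
    int ok  = checked_alloc_size(4u, &sz_ok);
    int bad = checked_alloc_size(evil, &sz_bad);

    printf("naive size for %u descriptors: %u bytes (would overflow: %s)\n",
           evil, naive_alloc_size(evil),
           naive_copy_would_overflow(evil) ? "yes" : "no");
    printf("checked path accepts 4 descriptors: %d (size %zu)\n", ok, sz_ok);
    printf("checked path accepts the evil count: %d\n", bad);
    return 0;
}
```

The fix is two lines, a cap on the count and an overflow check on the product, which is exactly the kind of silent one-liner a vendor can ship without a CVE or a release note, as i0n1c observes above.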
There was a similar situation when the iPod touch 4G was released with iOS 4.1 pre-installed and no jailbreak tool available for it. I was one of the early adopters and had no choice but to live without Cydia for a considerable amount of time.
Jailbreaking enthusiasts who are not yet on the latest version of iOS are advised to stay far, far away from it. iOS 4.3.4 has been jailbroken with Redsn0w and PwnageTool (iPhone, iPad, iPod touch), but the jailbreak is tethered: every time the device reboots you have to connect it to a computer and boot it with the tool again, which is a bit of a pain in the backside.
iOS 4.3.4 brings no new features. If you want to stay on a jailbreakable firmware and still close the hole, install PDF Patcher 2 from Cydia: it patches the font-parsing bug that JailbreakMe 3.0’s PDF relies on, so a malicious PDF can’t reuse that entry point, and you keep your untethered 4.3.3 jailbreak. Keep in mind that it is a targeted fix for that one bug, not a substitute for everything the 4.3.4 update changes.