Why you need the iOS updates Apple released today

by Volker Weber

Apple released 4.0.2 for the iPhone and 3.2.2 for the iPad. There is a single fix*: it closes a security hole in the PDF viewer, which could be used for a remote code injection.

What does that mean? Somebody can write a malicious PDF file that bombs the viewer and allows to inject code into the iPhone. It became famous by the website that let you jailbreak the iPhone directly from Safari. Oh, the fun. People across the world visited Apple stores to jailbreak the iPhones on display.

Once you installed the update, your jailbreak is gone. And you won't be able to apply it with this particular method.

While a jailbreak is desirable to many iPhone users, this particular hack is a security nightmare. You just don't want a random stranger to be able to run code on your iPhone. And that's also the problem with rooting your phone or jailbreaking it. Have you ever considered changing the password of that root account?

Unlocking an iPhone requires jailbreaking it. Don't set yourself up for that. Either get an unlocked iPhone. And if you really need to run software from other sources, why not get an Android, or a Palm device? There is no jail to break there.

*) What you are really waiting for is the 4.1 update.

Comments

Last time I checked people were also "rooting" their Android devices. Why?
- Overclocking
- More applications (e.g. a firewall)
- installing other ROMs (e.g. 2.2 on a device which doesn't officially support it)
- getting rid of "branding" limitations

;-)

And until Apple makes the SMS-sound customizable, supports themes and widgets on the lock screen, a real terminal and a full bluetooth stack and not the crippled one (devices need special cryptochip to exchange data over bluetooth, wtf?!) ... until then jailbreaking is worth the risk.

Sebastian Herp, 2010-08-12

Well, yes. There are people who root Android devices. Not necessarily those who were smart enough to buy an Android Dev Phone. :-) In any case, if you do that, you should change the root password.

It's generally a bad idea to buy a phone from the carrier, the way that it's done in the US market. You are better off, if you buy the phone from the manufacturer, whether it is Apple or HTC.

But I maintain that if you cannot live inside the Apple ecosystem, you should not get yourself an iPhone in the first place.

Volker Weber, 2010-08-12

Will see if the Apple store can update my equipment while on travel w/o macbook.

Thomas Koester, 2010-08-12

I don't think that unlocking the iPhone is necessarily jail breaking it. I am about to unlock my old iPhone to give to my son while I play with my shiny iPhone 4. As I understand it I send a request to O2 (my provider in the UK) and they send an unlock code. After that my son can use his own SIM card in the phone from a separate provider.
The proviso of course is "as I understand it" - I may well be wrong but I guess I'm about to find out. Cross fingers. :-)

John Lindsay, 2010-08-12

As I commented over at Daniel Nashed's blog:

"If you're jailbroken, then you can still get your security holes patched. There is a "PDF Patch" app in Cydia (jailbreak app store) that will be released soon. Fixing What Apple Won't

Actually, they're fixing this going back to 2.x devices. This means that if you have a first-gen iPhone or Touch, then you can get this security hole patched since Apple doesn't care about this being an issue with older devices that they believe people should have upgraded to a newer devices. ;)"

As Sebastian said, there are many good reasons that iPhone users may want to jailbreak the device. Is this a crazy restriction on Apple's part that they won't allow "legitimate" apps to do some of these tasks? Yes. But like you said it's Apple's ecosystem. They've always been closed in many respects.

Chris Whisonant, 2010-08-12

I still have an old first gen iPhone. What I'm thinking here is that I'll actually have to jailbreak my phone in order to make it secure. That's kinda messed up.

Julian Robichaux, 2010-08-13

@John - you understand correctly. I followed the O2 unlock route with my wife's 3GS and it worked as I expected. Lucky son, you have!

John ash, 2010-08-14

What does this mean for iPhone 3GS users who don't want to upgrade to 4.x yet? iOS/iPhoneOS 3.x works fine for me, and 4.x still seems beta by public accounts.

Also, it sounds like the upgrade process takes many hours and is best accomplished with wiping my phone and then restoring from backup. Does this mean that I will lose my apps that I installed but were subsequently pulled from the App Store? It sounds like it.

Sam Bijen, 2010-08-17

Recent comments

Volker Weber on Fritz!Fon C4, C5 und C6 :: Stuff that works at 21:21
Markus Schott on Fritz!Fon C4, C5 und C6 :: Stuff that works at 17:03
Sven Thomsen on Viele neue Echos :: Amazon rüstet massiv auf at 07:55
Jonas Rathert on Critical Intel Thunderbolt Software and Firmware Updates - ThinkPad at 12:29
Manfred Wiktorin on Beats Solo Pro with ANC at 10:33
Tim Bellinghausen on Losing your laptop at 10:17
Andreas Kurtz on Losing your laptop at 08:28
Philipp Haun on Losing your laptop at 06:40
Volker Butterstein on Share music on two headphones from iPhone at 06:36
Maximilian von Hulewicz on Beats Solo Pro with ANC at 11:18
Maximilian von Hulewicz on Google Pixel 4 vorgestellt at 11:17
Felix Binsack on Beats Solo Pro with ANC at 10:54
Volker Weber on Beats Solo Pro with ANC at 23:33
Adrian Woizik on Beats Solo Pro with ANC at 23:08
Volker Weber on Beats Solo Pro with ANC at 22:42
Adrian Woizik on Beats Solo Pro with ANC at 22:40
Enrico Lippmann on Google Pixel 4 vorgestellt at 14:40
Felix Binsack on Beats Solo Pro with ANC at 13:23
Volker Weber on Beats Solo Pro with ANC at 09:02
Johannes Matzke on Beats Solo Pro with ANC at 09:00
Thomas Cloer on Google Pixel 4 vorgestellt at 08:17
Volker Weber on Fritz!Fon C4, C5 und C6 :: Stuff that works at 20:08
Maik Endler on Fritz!Fon C4, C5 und C6 :: Stuff that works at 20:05
Andreas Krümmel on Fritz!Fon C4, C5 und C6 :: Stuff that works at 11:36
Hubert Stettner on Fritz!Fon C4, C5 und C6 :: Stuff that works at 11:24

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 02:05

visitors.gif

buy me coffee

Paypal vowe