Why you need the iOS updates Apple released today

by Volker Weber

Apple released 4.0.2 for the iPhone and 3.2.2 for the iPad. There is a single fix*: it closes a security hole in the PDF viewer, which could be used for a remote code injection.

What does that mean? Somebody can write a malicious PDF file that bombs the viewer and allows to inject code into the iPhone. It became famous by the website that let you jailbreak the iPhone directly from Safari. Oh, the fun. People across the world visited Apple stores to jailbreak the iPhones on display.

Once you installed the update, your jailbreak is gone. And you won't be able to apply it with this particular method.

While a jailbreak is desirable to many iPhone users, this particular hack is a security nightmare. You just don't want a random stranger to be able to run code on your iPhone. And that's also the problem with rooting your phone or jailbreaking it. Have you ever considered changing the password of that root account?

Unlocking an iPhone requires jailbreaking it. Don't set yourself up for that. Either get an unlocked iPhone. And if you really need to run software from other sources, why not get an Android, or a Palm device? There is no jail to break there.

*) What you are really waiting for is the 4.1 update.

Comments

Last time I checked people were also "rooting" their Android devices. Why?
- Overclocking
- More applications (e.g. a firewall)
- installing other ROMs (e.g. 2.2 on a device which doesn't officially support it)
- getting rid of "branding" limitations

;-)

And until Apple makes the SMS-sound customizable, supports themes and widgets on the lock screen, a real terminal and a full bluetooth stack and not the crippled one (devices need special cryptochip to exchange data over bluetooth, wtf?!) ... until then jailbreaking is worth the risk.

Sebastian Herp, 2010-08-12

Well, yes. There are people who root Android devices. Not necessarily those who were smart enough to buy an Android Dev Phone. :-) In any case, if you do that, you should change the root password.

It's generally a bad idea to buy a phone from the carrier, the way that it's done in the US market. You are better off, if you buy the phone from the manufacturer, whether it is Apple or HTC.

But I maintain that if you cannot live inside the Apple ecosystem, you should not get yourself an iPhone in the first place.

Volker Weber, 2010-08-12

Will see if the Apple store can update my equipment while on travel w/o macbook.

Thomas Koester, 2010-08-12

I don't think that unlocking the iPhone is necessarily jail breaking it. I am about to unlock my old iPhone to give to my son while I play with my shiny iPhone 4. As I understand it I send a request to O2 (my provider in the UK) and they send an unlock code. After that my son can use his own SIM card in the phone from a separate provider.
The proviso of course is "as I understand it" - I may well be wrong but I guess I'm about to find out. Cross fingers. :-)

John Lindsay, 2010-08-12

As I commented over at Daniel Nashed's blog:

"If you're jailbroken, then you can still get your security holes patched. There is a "PDF Patch" app in Cydia (jailbreak app store) that will be released soon. Fixing What Apple Won't

Actually, they're fixing this going back to 2.x devices. This means that if you have a first-gen iPhone or Touch, then you can get this security hole patched since Apple doesn't care about this being an issue with older devices that they believe people should have upgraded to a newer devices. ;)"

As Sebastian said, there are many good reasons that iPhone users may want to jailbreak the device. Is this a crazy restriction on Apple's part that they won't allow "legitimate" apps to do some of these tasks? Yes. But like you said it's Apple's ecosystem. They've always been closed in many respects.

Chris Whisonant, 2010-08-12

I still have an old first gen iPhone. What I'm thinking here is that I'll actually have to jailbreak my phone in order to make it secure. That's kinda messed up.

Julian Robichaux, 2010-08-13

@John - you understand correctly. I followed the O2 unlock route with my wife's 3GS and it worked as I expected. Lucky son, you have!

John ash, 2010-08-14

What does this mean for iPhone 3GS users who don't want to upgrade to 4.x yet? iOS/iPhoneOS 3.x works fine for me, and 4.x still seems beta by public accounts.

Also, it sounds like the upgrade process takes many hours and is best accomplished with wiping my phone and then restoring from backup. Does this mean that I will lose my apps that I installed but were subsequently pulled from the App Store? It sounds like it.

Sam Bijen, 2010-08-17

Recent comments

Marko Knaack on Google Chat & Meet verbergen at 16:20
Sven Richert on Cowboy 3 :: Smartes Single-Speed E-Bike at 14:15
Martin Imbeck on Cowboy 3 :: Smartes Single-Speed E-Bike at 13:43
Volker Weber on Cowboy 3 :: Smartes Single-Speed E-Bike at 12:18
Sven Richert on Cowboy 3 :: Smartes Single-Speed E-Bike at 12:13
Frank van Rijt on Jabra Elite 85h :: Stuff that works at 11:40
Martin Imbeck on Cowboy 3 :: Smartes Single-Speed E-Bike at 10:54
Volker Weber on Cowboy 3 :: Smartes Single-Speed E-Bike at 10:54
Volker Weber on Five years :: 1824 days at 10:47
Oliver Leibenguth on Five years :: 1824 days at 10:45
Volker Weber on Cowboy 3 :: Smartes Single-Speed E-Bike at 08:58
René Fischer on Jabra Elite 85h :: Stuff that works at 08:53
Ragnar Schierholz on Jabra Elite 85h :: Stuff that works at 08:18
René Winkelmeyer on Cowboy 3 :: Smartes Single-Speed E-Bike at 08:05
Dominique Roller on Cowboy 3 :: Smartes Single-Speed E-Bike at 07:53
Axel Koerv on Cowboy 3 :: Smartes Single-Speed E-Bike at 00:29
Uwe Papenfuss on Cowboy 3 :: Smartes Single-Speed E-Bike at 23:54
Axel Koerv on Cowboy 3 :: Smartes Single-Speed E-Bike at 23:53
Volker Weber on Jabra Elite 85h :: Stuff that works at 21:55
Volker Weber on Jabra Elite 85h :: Stuff that works at 21:52
René Fischer on Jabra Elite 85h :: Stuff that works at 19:51
Volker Weber on Jabra Elite 85h :: Stuff that works at 19:16
Ragnar Schierholz on Jabra Elite 85h :: Stuff that works at 19:14
Volker Weber on EPOS Adapt 660 :: Three Questions at 18:49
Martin Sckopke on EPOS Adapt 660 :: Three Questions at 18:06

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 19:01

visitors.gif

Paypal vowe