This Week's Sponsor:

Kolide

Ensures that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.

JailbreakMe: The Good, The Bad and The Pointless

A few hours ago @comex finally released his universal jailbreak tool for iPhone, iPod Touch and iPad called “JailbreakMe”. Unlike many previous jailbreak tools released in the past three years, this time you don’t need a computer to install Cydia on your device: jailbreakers are using the cloud now, and all you have to do is visit a website in Mobile Safari and wait for the exploit to “land” on your home screen.

Of course Apple isn’t happy about jailbreak. They never were. But this time - this time they have a pretty big issue on their hands. JailbreakMe seems to be based on a PDF vulnerability that is activable in Safari and, potentially, could lead to malicious software sent to users via emails and the browser.

Comex knew that Safari automatically downloads PDF files, and he managed to inject the necessary jailbreak code in the PDF decoder, thus allowing you to install Cydia by just visiting a website. For users, it’s magic. But if you think about it, for users and Apple this is a problem. Like I said, I wouldn’t be surprised to see malicious softwares floating around in the future, all based on browser vulnerabilities. This is a common situation for desktop users, and it’s kind of a first on the iPhone. There were some similar hacks in the past, but this is so huge it won’t go unnoticed. So, I’d expect an iOS 4.0.2 update fixing “critical PDF vulnerability” very soon.

Still, who’s to blame? Apple, for leaving this PDF hole out there? Or is Comex a genius for finding out about it? I say both. Vulnerabilities are a problem - especially on the iPhone, or Apple devices in general - but it’s when hackers find out about them and release tools based on them that Apple has to intervene.

As for the jailbreak itself, I’ve just jailbroken a 3GS and it worked good. Cydia is pretty unstable at the moment, but I’m used to it. What bothers me, though, is that jailbreak on the iPhone 4 is pointless right now. Apps aren’t updated for the Retina Display, and tweaks such as SBSettings, LockInfo and Activator are buggy, slow and unsupported. Why release a universal jailbreak when, actually, it is not universal? Just for the sake of it? Couldn’t they seed jailbreak builds to selected developers, like Apple does, in order to assure compatibility when the jailbreak is released publicly?

Furthermore, it looks like it may also break FaceTime and MMS. I did not jailbreak my iPhone 4 - it’s simply not worth it.

A while ago I wrote that jailbreak on iOS 4 still matters. The thing is, it matters if Cydia developers want it to be revelant. Otherwise, I’m out of this game.

Join

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.

Federico is the founder and Editor-in-Chief of MacStories, where he writes about Apple with a focus on apps, developers, iPad, and iOS productivity. He founded MacStories in April 2009 and has been writing about Apple since. Federico is also the co-host of AppStories, a weekly podcast exploring the world of apps, and Unwind, a fun exploration of media and more.

He can also be found on his other podcasts on Relay FM: Connected and Remaster, two shows about Apple and videogames, respectively.

@viticci
@viticci
@viticci@macstories.net
viticci@macstories.net