Apple Fixes iPhone Flaw, But Hackers Get Round It

Last Friday Apple released the iOS 4.3.4 and iOS 4.2.9 updates for the iPhone, iPad and iPod touch devices, in an effort to patch a PDF rendering security flaw that was used to install the JailbreakMe hack.

However, according to Sophos, hackers have already bypassed the fix.

The flaw in iOS essentially allows Apple users to “jailbreak” their devices. This would then allow iPhone and iPad users to install non-Apple approved software and apps on their devices.

Security Flaw

“Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution,” Apple said in its update.

It also said that another vulnerability in its IOMobileFrameBuffer may allow “malicious code running as the user (to) gain system privileges”. This could be a seriously flaw allowing hackers full control of the device and access to its data.

Matters came to a head earlier this month when the JailbreakMe website published an automated, on-line method for opening recent iDevices running iOS 4.3.3. The German Federal Office for Information Security warned that this flaw made it possible for hackers to infiltrate Apple mobile devices by duping users into opening PDF document files that are booby-trapped with malicious computer code.

The German agency said that no attacks exploiting these weaknesses have so far been reported but users are urged not to open PDFs of unknown origin.

The JailbreakMe software (the tool to jailbreak Apple devices) was first published online in August last year by a developer known as ‘Comex.‘

The iOS 4.3.4 update and iOS 4.2.9 update supposedly closes the hole used by JailbreakMe. The Apple updates are of course free downloads and users can install the updates by connecting their device to iTunes or their computer.

Patch Bypassed?

However, according to a Paul Ducklin posting on the Sophos Naked Security blog, the jailbreakers claim to be back in already, having bypassed the patch.

“By all reports, the latest jailbreak doesn’t work for iPad2 users, and it can’t be done simply by visiting a website,” wrote Ducklin. “You need to plug your device in to a computer, in what’s called a “tethered” jailbreak, and you need to re-jailbreak it every time you reboot.”

“Nevertheless, Apple’s latest security fix has been circumvented already,” he warned. “With this in mind, the tricky question becomes, ‘Whom should I trust more: Apple or the jailbreakers?’”

I can’t answer that question – and if your iDevice is provided by your company, you shouldn’t try to answer it by yourself,” he added. “Perhaps the best way to approach the issue is to rephrase it more equivocally, in the manner of Google, which sets out not to be evil, rather than actually to be good.”

“So, if you’re thinking of jailbreaking, ask yourself, ‘Do I distrust the jailbreakers.’ If not, then jailbreaking may be for you. Just be sure to read all the security guidelines associated with the process, and be sure you have the explicit permission of the owner of the device,” he said.

He then went on to admit he has a jailbroken iPad.

Apple was once regarded as a secure environment, but increasingly Apple is facing a number of security challenges.  Trusteer for example recently warned that five percent of iPhones and Android phones will be infected with malware in 2012.