Apple Already fixed Comex's new exploit?

[iFish]

JailbreakMe brought root to the iPhone 4-wielding masses, but also unearthed a nasty exploit in a PDF font. Thankfully for the rooted and those who never intended to root, Cupertino claims it has already patched the hole. "We're aware of the reported issue, we have already developed a fix and it will be available to customers in an upcoming software update," an Apple spokeswoman told CNET. We're not sure exactly when it will arrive, but we'd lay odds on soon -- in the meantime, don't open any PDFs you don't trust, don't do anything illegal or immoral, and hit up Comex's hack ASAP if your heart's still set on that shiny new unlock.

This exploit was just released sunday... and it's will already be fixed. i knew it was easy to patch... but.. whatever

Source

 

[Bladexdsl]

thank god the guys working at apple don't work for nintendo

 

[Scott-105]

Wow that was fast.

 

[Hakoda]

thank god the guys working at apple don't work for nintendo

This.

 

[Delta517]

thank god the guys working at apple don't work for nintendo

Lol!

 

[ball2012003]

in the meantime, don't open any PDFs you don't trust, don't do anything illegal or immoral

i thought jailbreaking was leagal

 

[GameSoul]

in the meantime, don't open any PDFs you don't trust, don't do anything illegal or immoral

i thought jailbreaking was leagal

It is, but we all know what most people use it for, and Apple is worried about the site breaking into the firmware.

 

[iFish]

Jailbreaking is legal... but it still breaks Apple's EULA.
----------------

in the meantime, don't open any PDFs you don't trust, don't do anything illegal or immoral

i thought jailbreaking was leagal

It is, but we all know what most people use it for, and Apple is worried about the site breaking into the firmware.

No? people already de-code the firmware..... that's not the problem

 

[Chris_Skylock]

thank god the guys working at apple don't work for nintendo

If this was facebook, I will soooooo LIKE your post

 

[Neko]

The problem is that Comex's his exploit could potentionally be used to brick iPhones all over the world just by letting them visit a scam site or a hacked website.

 

[Fluto]

so i could make a pdf with a virus in it to kill the iphone and disguise it as something

interesting...

 

[Jamstruth]

An update I won't be getting. Jailbroken I shall stay!

 

[RupeeClock]

Seeing as it was a browser exploit, it must've been considerably easy to fix it.
Curious, does it work before IOS 4.0 or not? If it doesn't then those who didn't update yet are screwed.

 

[The Pi]

An update I won't be getting. Jailbroken I shall stay!

Same

 

[Madridi]

Seeing as it was a browser exploit, it must've been considerably easy to fix it.
Curious, does it work before IOS 4.0 or not? If it doesn't then those who didn't update yet are screwed.

Why would they be? They could always update to 4.0 and jailbreak.. or am I missing something here?

 

[Slyakin]

Seeing as it was a browser exploit, it must've been considerably easy to fix it.
Curious, does it work before IOS 4.0 or not? If it doesn't then those who didn't update yet are screwed.

Why would they be? They could always update to 4.0 and jailbreak.. or am I missing something here?

When they update, they will by-pass 4.0 and go to 4.0.1 or whatever the fix is. Updates are handled by Apple.

Unless you do the Shift-Restore in iTunes. That requires DFU mode, though.

 

[overlord00]

wait, did they do a quiet update... ie it auto updates safari... or do they have a 4.0.2 firmware... totally dont understand... prob didnt read it propper

 

[Slyakin]

wait, did they do a quiet update... ie it auto updates safari... or do they have a 4.0.2 firmware... totally dont understand... prob didnt read it propper

No, I think it's in the next software update, like 4.0.2, like you said.

 

[overlord00]

yeah, just read this and resolved my confusion;

On Wednesday an Apple spokeswoman said in a statement, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."

 

[SifJar]

The problem is that Comex's his exploit could potentionally be used to brick iPhones all over the world just by letting them visit a scam site or a hacked website.

Bricking is the least of their worries tbh. AFAIK, there is nothing they could do that couldn't be fixed by a simple restore (perhaps from DFU mode if necessary). Much worse would be if they silently installed some software to steal all your contacts and other personal information, texts, emails etc. and send them back to a remote server. Think of the havoc that would cause. And it'd probably be possible to make it that the user never even realises.

so i could make a pdf with a virus in it to kill the iphone and disguise it as something

interesting...

TBH, I doubt you could (no offence

), but in theory, yeah its possible, but it would be more beneficial to a malicious hacker to steal contact info etc. to sell on.

QUOTE(RupeeClock @ Aug 5 2010, 03:39 PM)

Seeing as it was a browser exploit, it must've been considerably easy to fix it.
Curious, does it work before IOS 4.0 or not? If it doesn't then those who didn't update yet are screwed.

Why would they be? They could always update to 4.0 and jailbreak.. or am I missing something here?

Yeah, you're right, they can just download the 4.0 IPSW and restore it in iTunes, by Shift+Clicking restore and selecting the 4.0 IPSW. DFU mode may be necessary.