iOS 4.0.2 released, fixes jailbreak vulnerability

Neowin_iOSUpdate

Apple released another update for the iPod touch, iPhone 3G, 3GS and 4 today, patching two security holes in the operating system. iOS 3.2.2 for the iPad has also been released.

The update patches a security vulnerability in Safari, the same hole that hacker @Planetbeing used to create the latest jailbreak. The update will patch the vulnerability found in Safari's PDF viewer, allowing for unauthorized code to be run on the device. Interestingly, the update is only available for iPhone 3G, 3GS and 4 users, Apple will not patch the vulnerability on 1st generation iPhone devices.

The current jailbreak method, which can be used on any iDevice, uses the Safari browser and a single swipe of your finger to execute the unauthorized code, allowing users to run Cydia, a home-brew App Store developed by Jay Freeman.

Jailbreak users should use caution, as this update will unjailbreak your device.

The massive 579MB update is available through iTunes for the iPhone and iPod touch, just connect your device and click update.

Report a problem with article
Previous Story

New Chrome beta includes credit card AutoFill, is this wise?

Next Story

Google-Verizon: It's all about the Money

58 Comments

Commenting is disabled on this article.

Viriix said,
fix the damn antenna before u patch the damn jailbreak apple *******s.

That don't sell phones though. or, wait....

Real smooth apple muppets, 579mb updates will put a nice heavy load on your servers and people with slow connections are screwed

Auzeras said,
Real smooth apple muppets, 579mb updates will put a nice heavy load on your servers and people with slow connections are screwed

Mine was only 380mb (3GS)

I'm still debating jailbreaking my iPhone 4, so I think I'll sit and wait and think some more about it. I've jailbroken my iPhone 3GS using this exploit and should be receiving a SIM adapter this week. I'm going to give that a whirl. TBH, the only JB things I'm interested in on my phone are:
* Free WiFi hotspot/tethering
* SBSettings are NICE
* I would like it if Emails appeared on my lock screen like SMS does. Does anyone know of a good program for this? I'm trying out LockInfo now, and it kinda works (although bloated for my needs). I dislike how there is no reply button for emails in LockInfo. Or, even better, does anyone know of a PUSH notification app that makes Google Voice SMS more seamless. Right now I'm doing it all through email.

If I can get all of that working on my 3GS and I'm satisfied with it (and know how restore), I'll JB my iPhone 4. I'm more paranoid than most it would seem....lol.

Downloaded and installed with no issues.

iOS 4.0.2 working perfectly on my 3GS with no major issues since the initial iOS 4 release. Guess I'm one of only a few lucky people to not have any problems?

bbfc_uk said,
Downloaded and installed with no issues.

iOS 4.0.2 working perfectly on my 3GS with no major issues since the initial iOS 4 release. Guess I'm one of only a few lucky people to not have any problems?

Running fine on my 3GS as well

This is apparantly what iOS 3.2.2 fixes on the iPads:

-----

FreeType

CVE-ID: CVE-2010-1797

Available for: iOS 3.2 and 3.2.1 for iPad

Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution

Description: A stack buffer overflow exists in FreeType's handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.

IOSurface

CVE-ID: CVE-2010-2973

Available for: iOS 3.2 and 3.2.1 for iPad

Impact: Malicious code running as the user may gain system privileges

Description: An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.

-----

Well where the hell is the fix for the light sensor issue? The Wifi issue? The charging issue? Great that Apple fixed this PDF bug, but what about all the bugs that 10's of thousands of people are reporting that actually impact their daily use of their iPad's??? The original Internet nickname "iFail" really applies here, because not only is the iPad an iFail, so is the whole company that makes these products. Thank god I never paid for my iPad, otherwise I'd be in an Apple store demanding my money back!

-=MagMan=- said,
Well where the hell is the fix for the light sensor issue? The Wifi issue? The charging issue? Great that Apple fixed this PDF bug, but what about all the bugs that 10's of thousands of people are reporting that actually impact their daily use of their iPad's??? The original Internet nickname "iFail" really applies here, because not only is the iPad an iFail, so is the whole company that makes these products. Thank god I never paid for my iPad, otherwise I'd be in an Apple store demanding my money back!
The WiFi issue was fixed in 3.2.1.

The charging "issue" isn't an issue. It's a simple fact that the iPad requires more power than a typical USB port can provide while the screen is on. All modern Macs provide that extra power. Most PCs don't, so the screen needs to stay off for the iPad to charge properly.

The light sensor in my iPad seems to work fine. It just takes fairly large ambient light shifts to make it work (which is probably a good thing as it reduces brightness flickering from oversensitivity).

Elliott said,
The WiFi issue was fixed in 3.2.1.

The charging "issue" isn't an issue. It's a simple fact that the iPad requires more power than a typical USB port can provide while the screen is on. All modern Macs provide that extra power. Most PCs don't, so the screen needs to stay off for the iPad to charge properly.

The light sensor in my iPad seems to work fine. It just takes fairly large ambient light shifts to make it work (which is probably a good thing as it reduces brightness flickering from oversensitivity).

Great, another person defending Apple and their crap-___ products... The Wifi issue was NOT fixed in 3.2.1, as I am running it right now, and still experiencing it, along with the thousands of other 3.2.1 users who are littering the Apple forums and other boards with complaints. And I have not seen ANY other device that needs more than the standard USB 2.0 spec of power output in order to charge. So perhaps instead of calling it a bug, maybe I should just call it a design flaw, as it does seem more accurate.

The light sensor only seems to work during "large shifts" on some iPads, but none of the 64GB models work, nor do any of the 16GB "display only" models Apple sent to retail outlets for demo purposes. I would know, as I went to one today where they had 4 of damn pads on display, and I completely covered each sensor and held it covered for 2 minutes each, and the pads didn't so much as dim worth a damn.

People that try to defend a company who has been proven to put out crap products, I feel don't deserve any sympathy. You want to waste your hard-earned money on crap, when there are better alternatives out there, be my guest. But don't be a jack-___ and try to defend something when someone has proven you wrong on every point.

Jan said,
Anyone having problems in the photo app? Half my photos display as black squares.
Probably apple test engineers are sitting in antenna test rooms instead of testing phone.

Jan said,
Anyone having problems in the photo app? Half my photos display as black squares.
Did you try quitting the app (as in removing it from multitasking memory if you have a 3GS or 4) and opening it up again? Sounds like a caching problem.

Jan said,
Anyone having problems in the photo app? Half my photos display as black squares.

I kinda had this problem but it was only showing black squares for some wallpapers I had downloaded. I didn't use them so just deleted them. None of the photos I have taken have this problem.

Elliott said,
Did you try quitting the app (as in removing it from multitasking memory if you have a 3GS or 4) and opening it up again? Sounds like a caching problem.

I have a 3G

I won't be updating then, not till a new jailbreak comes out at least.

Windows service packs aren't as big as these small security updates, bloody hell.

thealexweb said,
I won't be updating then, not till a new jailbreak comes out at least.

Windows service packs aren't as big as these small security updates, bloody hell.


heh, same reason i'm not. 579MB wasted on bandwidth to unjailbreak my phone? No thanks

Apple needs to learn how to patch.. seriously.

Andrew Lyle said,

heh, same reason i'm not. 579MB wasted on bandwidth to unjailbreak my phone? No thanks

Apple needs to learn how to patch.. seriously.

Patching on unknown changed code would lead to a lot of issue.

etempest said,

Patching on unknown changed code would lead to a lot of issue.

Patching on Apple's OWN code would be very simple though. And yet people's "updates" are still 300+ MB large. That's not a patch.

andrewbares said,

Patching on Apple's OWN code would be very simple though. And yet people's "updates" are still 300+ MB large. That's not a patch.

Think about what you're saying.... If Apple just patches the code and breaks the millions of iDevices that are jailbroken, there would be a massive outrage. Simple as that.

Geez, so many people on here bitch about the size of the update, but don't even give it the time of day as to why they do that.

I want a fix to my gmail sync problem, and my dreadful battery on the 3gs, have to charge every other day now, rather than every 3-4 days.. shocking... Even thinking about taking to apple shop for downgrade to 3.1.3.. Ive lost more than Ive found useful with the 4 upgrade....

DrScouse said,
I want a fix to my gmail sync problem, and my dreadful battery on the 3gs, have to charge every other day now, rather than every 3-4 days.. shocking... Even thinking about taking to apple shop for downgrade to 3.1.3.. Ive lost more than Ive found useful with the 4 upgrade....

Charging your phone every 2 days is actually pretty good for a smartphone. Nothing to complain about.

andrewbares said,

Charging your phone every 2 days is actually pretty good for a smartphone. Nothing to complain about.

I just stick mine in the dock overnight to charge - no hassle.

If you have a jailbroken device, I understand that running the update will not allow you access to those apps, but does it also get rid of them off of the device?

NeoTrunks said,
If you have a jailbroken device, I understand that running the update will not allow you access to those apps, but does it also get rid of them off of the device?
Yes

NeoTrunks said,

Will the space will be freed up as well?

Yes. All of Apple's iDevice's updates completely wipes the devices back to nothing. All Apps, settings, music, etc. have to be put back on after the update.

DrDrrae said,
Yes. All of Apple's iDevice's updates completely wipes the devices back to nothing. All Apps, settings, music, etc. have to be put back on after the update.

If you do a restore, that is true. If you do an update which most people will be doing, then no, it does not blitz everything on your device at all. As for whether the space is reclaimed I believe it is.

I see a lot of people not getting this until a new jailbreak method is here. And likely not released for the iPhone 2G since iOS 4 is not on it.

TechDudeGeorge said,
I see a lot of people not getting this until a new jailbreak method is here. And likely not released for the iPhone 2G since iOS 4 is not on it.

As long as the baseband hasn't changed you can still use all the normal tools for jailbreaking. That is if you don't have an unlocked phone. Usually the process is to run the official update then rejailbreak your device using the old firmware. This way you get all the stuff from the new update and still have a jailbroken OS.

It's not an update, it's a whole new OS image. Apple don't patch the OS, they just overwrite the whole image. Hence the size. Apple need to learn how to do proper patching.

Matt Hardwick said,
It's not an update, it's a whole new OS image. Apple don't patch the OS, they just overwrite the whole image. Hence the size. Apple need to learn how to do proper patching.

+1

Matt Hardwick said,
It's not an update, it's a whole new OS image. Apple don't patch the OS, they just overwrite the whole image. Hence the size. Apple need to learn how to do proper patching.

Definitely. Creating incremental byte patches isn't hard to do, so long as the user has a previous .ipsw file on their hard drive.

Berserk87 said,
Wheres the patch that fixes my car stereo connectivity?!

Apple will most likely tell you to upgrade the firmware of your car's stereo.

LingeringSoul said,
I wonder if this will fix the WiFi problems in my iPod Touch (second generation). Here's hoping!

If you would, PM me and let me know how that works out, I'm in the same spot as you, but dont wanna upgrade unless it fixes the wifi.

Thanks.

LingeringSoul said,
I wonder if this will fix the WiFi problems in my iPod Touch (second generation). Here's hoping!

Glad it wasn't just me who found it a bit odd the wifi signal in iOS4 was a bit too weak on my Touch.

I wish that Apple would accept that jailbreaking has actually helped their platform...the app store I bet was derived from installer...

bdsams said,
I wish that Apple would accept that jailbreaking has actually helped their platform...the app store I bet was derived from installer...

they should accept it but not ignore the vulnerability of the hacks used to do it. if they didnt patch it, it would only be a matter of time before someone made something more malicious to take advantage of "a single swipe of your finger to execute the unauthorized code." maybe make a legit way to do it that doesn't involve a gaping hole in the security?(not that that would ever happen)

Running unauthorized code can't never be help in all circumstances. Opening the platforms also means more security holes and unstable software. If you want to distribute free software just send it to the App store and don't charge for it.

Asides from Flash compatibility that Apple refuses to have, unlocking and developing, I don't see any point in having jailbreak unless you want to install pirated software, which is still illegal

rahvii said,
Running unauthorized code can't never be help in all circumstances. Opening the platforms also means more security holes and unstable software. If you want to distribute free software just send it to the App store and don't charge for it.

Asides from Flash compatibility that Apple refuses to have, unlocking and developing, I don't see any point in having jailbreak unless you want to install pirated software, which is still illegal

fail....

rahvii said,
Running unauthorized code can't never be help in all circumstances. Opening the platforms also means more security holes and unstable software. If you want to distribute free software just send it to the App store and don't charge for it.

Asides from Flash compatibility that Apple refuses to have, unlocking and developing, I don't see any point in having jailbreak unless you want to install pirated software, which is still illegal


You don't understand what your talking about so don't even type it. Apple locks down a sometimes 800 dollar device and tell you how to use it. No multitasking or certain apps that don't meet there approval like tethering something you should have a right to do since you own the hardware that can do it so to restate the post above me fail.

daftperception said,

You don't understand what your talking about so don't even type it. Apple locks down a sometimes 800 dollar device and tell you how to use it. No multitasking or certain apps that don't meet there approval like tethering something you should have a right to do since you own the hardware that can do it so to restate the post above me fail.

no multitasking? where have you been these past few months... sigh@ being misinformed. also the tethering was a block set up by at&t, not apple which only recently has changed with the same update that features the "non existent" multitasking

rahvii said,
I don't see any point in having jailbreak unless you want to install pirated software, which is still illegal

I bought Wi-Fi Sync from Cydia for my iPod Touch. It's a cool program, and works as it says it does. Combined with Veency and a program to keep the wifi on in sleep mode, I don't have to be anywhere near my iPod to add stuff to it. Apple won't allow any of those applications on their store, yet they're hardly illegal.

ILikeTobacco said,

no multitasking? where have you been these past few months... sigh@ being misinformed. also the tethering was a block set up by at&t, not apple which only recently has changed with the same update that features the "non existent" multitasking

If a developer doesn't update his app, that means there is NO multitasking. So you really need to become "informed" before calling someone else out.

And if I want to tether my phone, I will do it, since I'm paying for the data. With Jailbreaking, you can do that, and also with a Windows Mobile phone you can too, since things are open for the user to do what he/she wants.

Letting Apple control your life is kind of sad, but enjoy it.

andrewbares said,

If a developer doesn't update his app, that means there is NO multitasking. So you really need to become "informed" before calling someone else out.

And if I want to tether my phone, I will do it, since I'm paying for the data. With Jailbreaking, you can do that, and also with a Windows Mobile phone you can too, since things are open for the user to do what he/she wants.

Letting Apple control your life is kind of sad, but enjoy it.

He specifically said "No Multitasking" and did not mention a thing about lazy developers. It is the developers own fault for not updating their software, not Apples. It doesn't mean there is "NO multitasking." It means that the developer is a crappy developer and needs to update their software or not expect money from me.

Not sure how Apple has the ability to control your life. Did they pick your job, house, family, schooling or anything else? They don't even force you to use their phone. If you spend the money on it, it is because you choose to. Stop being a sensationalist and come back to the real world where some people actually research what they are buying and know what its limits are.

daftperception said,

Implying I know what I'm are talking about

By saying that you just invalidated your own post.

The iOS never had multitasking, and what iOS4 has is not real multitasking, but is a solution that works as if it were. It's just a different paradigm made around the fact that battery life is limited in portable devices. With this i'm not saying is good or bad. My point is that pretending that iOS suddenly will permit any App to run on the background is a little crazy. There's always the need to update apps when there's a big version change in an OS.

In the end, don't you see something off here? Why promote the open-ness of an Apple product when THEY HAVE NEVER BEEN OPEN. They always control from the hardware to the software of their products, they always sell the whole thing as a one product/service. Their point in making this is that by having total control they can mitigate a lot of problems and give more uniform solution.

If you need something open go buy an Android device which is made by Google. You will have more freedom and a lot of nasty updates, incompatibility across devices, etc etc... it's the trade off.

ILikeTobacco said,

He specifically said "No Multitasking" and did not mention a thing about lazy developers. It is the developers own fault for not updating their software, not Apples. It doesn't mean there is "NO multitasking." It means that the developer is a crappy developer and needs to update their software or not expect money from me.

Not sure how Apple has the ability to control your life. Did they pick your job, house, family, schooling or anything else? They don't even force you to use their phone. If you spend the money on it, it is because you choose to. Stop being a sensationalist and come back to the real world where some people actually research what they are buying and know what its limits are.

Yeah let me tell you multitasking on my 3G is working wonders. Can't enable it on the 3G even though the original Palm Pre had it since the beginning. I wish I could kill a process that is eating all my memory without having to do the contra code on my device. Free up unused memory? Can't do that either. Numerical Battery on my 3G nope can't do that either, but that is because it just doesn't have the capability (/s). How about full theme's for my phone?

You see when I jailbreak my phone I can do all that stuff. It doesn't take away from my device at all, and as you can see by all the pirated apps I listed that is all we jailbreakers do is install repo's for downloading pirated apps.

So you my friend are one of those people that need to actually get a first hand look at the process and the device and the options that are opened up before you just spout out the unauthorized code BS that everyone who is in love with Apple and their perfection of the iPhone does.