iPhone Firmware 1.1.2 Hacked Before Release

When Apple announced the release of the iPhone for the UK, it also announced that iPhone and iPod touch firmware version 1.1.2 would be released at the same time. Released today, firmware 1.1.2 closes the TIFF vulnerability in mobile Safari that was used to jailbreak firmware 1.1.1. Confirmed by DailyTech, the TIFF vulnerability no longer works. However, despite Apple's effort to lockdown the iPhone and iPod touch, firmware 1.1.2 has already been jailbroken.

View: Full Story @ DailyTech

Report a problem with article
Previous Story

WinPcap 4.0.2

Next Story

In Memory of Dave Morse, Amiga Co-Founder, 1943-2007

39 Comments

Commenting is disabled on this article.

Apple should grow a pair and become a software company. Then we'd have OSX for the masses, lots of applications for the iPhone and iPod, and the consumer would win.

It will never happen though. Apple is making too much money from overpriced hardware and vendor lock in :(

I dream of the day when Windows, OSX, and Linux have 33.33333% market share each. That won't happen either

*Pssst*...got a secret for you. According to Steve Jobs, Apple already consider themselves primarily a software company;

“The big secret about Apple, of course–not-so-big secret maybe–is that Apple views itself as a software company and there aren’t very many software companies left, and Microsoft is a software company. And so, you know, we look at what they do and we think some of it’s really great, and we think a little bit of it’s competitive and most of it’s not. You know, we don’t have a belief that the Mac is going to take over 80% of the PC market. You know, we’re really happy when our market share goes up a point and we love that and we work real hard at it, but Apple’s fundamentally a software company and there’s not a lot of us left and Microsoft’s one of them.” - Steve Jobs

Apple is a software company, according to Steve Jobs's own words in a dual interview with Bill Gates. He made a point of saying that both Microsoft and Apple are software companies.

EDIT
Phantasmorph beat me to it. :P

They're wasting their time trying to fight the community. The community has the dedication and the time to hack anything they put out. I understand if they have to look like they're trying to stop the jailbreaks in order to placate carriers who got exclusive deals for the iPhone, but really...it's pointless.

Toology said,
Apple is a software company, according to Steve Jobs's own words in a dual interview with Bill Gates. He made a point of saying that both Microsoft and Apple are software companies.

EDIT
Phantasmorph beat me to it. :P

They're wasting their time trying to fight the community. The community has the dedication and the time to hack anything they put out. I understand if they have to look like they're trying to stop the jailbreaks in order to placate carriers who got exclusive deals for the iPhone, but really...it's pointless.

Sorry.

phantasmorph said,
*Pssst*...got a secret for you. According to Steve Jobs, Apple already consider themselves primarily a software company;

Don't believe everything Jobs says in an interview when he's sitting right beside Gates. He's playing the "we have some things in common" card. It's purely for PR purposes. Here's the real deal, as I mentioned about a week ago:

Apple is a hardware company

This point cannot be emphasized strongly enough. Apple is a computer hardware company. Selling hardware is how Apple generates most of its revenue. Their operating system software may well be the best aspect of their computers, but that does not make them a software company. Anyone who claims that Apple could simply switch to being a software company and make up for lost hardware revenue by selling additional software doesn’t understand how the company operates.

During the brief period of time when Apple licensed the Mac OS to other manufacturers, their revenue tanked. Too many people bought cheap clones from PowerComputing and Umax instead of higher-priced Macs from Apple, and the licensing revenue didn’t compensate for the lost hardware revenue. The situation may well have been good for Mac users, but it was terrible for Apple’s bottom line.

No matter how badly people clamor for it, Apple is never going to release a version of Mac OS X that runs on standard Wintel PC hardware. Whether it’s possible or not, it isn’t going to happen. A frequent comment regarding this rumor is something like “I’d love a version of Mac OS X that ran on my PC.” Sure you would. Apple’s Switch campaign is an attempt to get PC users to buy thousands of dollars of Apple hardware, not hundreds of dollars of Apple software.

But let's really get to the bottom of it: Apple as a hardware-only company would be dead. Apple sells dreams - it sells an experience, which is what many Mac users like calling the "Apple Experience." OS X - that precocious, beautiful love-child of the FreeBSD and NeXT et al. marriage, is the fulcrum upon which all else turns.

So Apple as a software-only company? Dead. That famed reputation for stability that comes from software wedded to hardware would soon vanish. And Windows is ubiquitous. Head-to-head with Windows' licensing scheme would mean a quick death for Apple, no matter how good the software is. Go where the money is. And it isn't in software.

So Apple is both a hardware and a software company . . . that makes the bulk of its revenue by selling hardware. One has to admit, OS X can take whatever evolutionary turn it wants, but if it doesn't come installed on Apple's Magic Boxes, forget it.

So go where the $$$ is, and not where Steve Jobs tells you in an interview beside the competitor who just so happens to make a particular office product that many Mac users still feel compelled to use.

"Sure, we're a software company just like Bill over here. And there aren't many software companies left, so it's Bill and me against the world . . . and hey, we go way back, don't we Bill . .?"

Brings a tear to your eye, doesn't it?

If Apple wanted to hit it big in the OS department, they'd drop the whole "Mac only" thing. You can't tell me that OS X for PC wouldn't hit it off. Only problem would be the heavy decrease in stability, which would tarnish the name Apple likes to hold for itself. I guess instead of trying to make it work, they'd rather just make it work for a specific set of hardware, and make you cough up the dough.

The Intel switch brings us one step closer to Apple licensing OS X. Once it has enough alternative revenue streams (iPhone, iPod, iTunes, Apple TV etc) and once it can no longer turn a profit on Macs, Steve will "flick the switch".

Neomac v6 said,
The Intel switch brings us one step closer to Apple licensing OS X. Once it has enough alternative revenue streams (iPhone, iPod, iTunes, Apple TV etc) and once it can no longer turn a profit on Macs, Steve will "flick the switch".

Once it can no longer turn a profit on Macs

When will this happen, exactly?

Look at the numbers.

That's like saying once Honda will stop producing cars, we won't have Honda cars.

LTD said,

I spose you are their propaganda man so i guess you woudl know ? but yeah all us not mac users have been not believing Jobs all along, why woudl we start now.

but apple is definatel not a computer hardware company, seeing asus make their computers for them

Dakkaroth said,
Only problem would be the heavy decrease in stability, which would tarnish the name Apple likes to hold for itself. I guess instead of trying to make it work, they'd rather just make it work for a specific set of hardware, and make you cough up the dough. :/

and this is the ONE reason why it is more stable, hell if MS only had a couple of models of hardware they needed to support, windows would be way more stable, instead windows supports everything!! you have to expect some compatibility issues.

Not many people on a mobile platform...but it's very widely used in the design and print industries due to it's flexibility. It supports multiple layers/images per file and both compressed/uncompressed raster and vector lines can be stored within.

hahah yep, the tiff exploit originallyopened up the PSP, next thing you know GTA will be used to crack the iPhone :)

a lot of similarities between this and the PSP, hacked(tiff exploit)/firmware update(fixed tiff exploit)/hacked(not listed in article)/ wait for the firmware update and the next hack.

i guess it's gettign harder and harder to use the old MAC favourite "It Just works" anymore. well unless you read it differently i.e. it only "just" works

This is not a jab at Apple and their fanboys, but rather about the notion of Apple delivering the most secure OS. I think this should be a good indicator that Macs aren't as secure as they are touted to be. Granted this is a phone, it is still running Apple's proprietary software, which I would think is be based around similar technologies used in the tried and true OSX, should it not? That isn't to say the iPhone or OSX aren't secure, I'm not saying this at all. However, when I see this happening, continually, it definitely goes against the argument of it being the most secure OS. With that said, I would still perfectly fine running OSX without any antivirus or malware programs if I had it, exactly as I do with Vista. This is not a flame, nor is intended to start flaming, just pointing out the obvious facts. As the article points out: "In its current stage, the new jailbreak requires several steps in order to complete, and is by no means release ready and user friendly."

What I do like about this, however, is that it helps bring Apple down back to planet Earth a little bit at a time with each security breach, so to speak. This will keep them on their toes and push them to make an even better and more secure product.

The hackers aren't breaking into YOUR phone, they're breaking into their OWN phone, then posting instructions on how others can break into THEIR own phones. It isn't being done remotely.

How is this a security issue?

In terms of OS X, there is not one virus, spam or spyware that can gain access to your machine without user authentication.

LTD said,
The hacker's aren't breaking into YOUR phone, they're breaking into their OWN phone, then posting instructions on how other's can break into THEIR own phones. It isn't being done remotely.

How is this a security issue?

In terms of OS X, there is not one virus, spam or spyware that can gain access to your machine without user authentication.

So you're saying that this is no cause for concern about security issues in the iPhone? This isn't security threat? No need to talk DOWN to me like I'm so kind of FOOLISH kid with your CAPITALIZED words. Sheesh.

Apple's operating systems are "secure" because few people bother to mess with it, *not* because it's actually secure. That's why they have fewer virii, too. It's a second-rate, unpopular, and -- for all intents and purposes -- an obscure operating system. The fact that it has *any* virii or exploits is amazing.

If few people used Microsoft's operating systems, they'd be just as "secure."

Mathachew said,

So you're saying that this is no cause for concern about security issues in the iPhone? This isn't security threat? No need to talk DOWN to me like I'm so kind of FOOLISH kid with your CAPITALIZED words. Sheesh.

If it isn't being done remotely, it's not an issue.

If it asks for user authentication, it isn't an issue.

The capitalized words are there for emphasis, not condescension.

Mathachew said,

So you're saying that this is no cause for concern about security issues in the iPhone? This isn't security threat? No need to talk DOWN to me like I'm so kind of FOOLISH kid with your CAPITALIZED words. Sheesh.

what he actually meant by using capitalized letters is telling you that you are a dumbass with no clue on wtf you are talking about. and he's correct.

nonick said,

what he actually meant by using capitalized letters is telling you that you are a dumbass with no clue on wtf you are talking about. and he's correct.

That is quite the highly educated remark you made. You and your family must feel proud.

LTD said,

If it isn't being done remotely, it's not an issue.

If it asks for user authentication, it isn't an issue.

The capitalized words are there for emphasis, not condescension.

Who's to say that the methods by which these hacks occur wouldn't expose a flaw in the phone that would allow an unauthorized remote access? I'm not saying that automatically if the phone is hackable locally then it must be remotely, but from a business stand point it doesn't bode well.

On an smaller, insignificant note, I can read your words just fine, if you want to emphasize, then do it with emphasis. Capitalized words indicate shouting. Please don't shout, it's not nice :P

Mathachew said,

Who's to say that the methods by which these hacks occur wouldn't expose a flaw in the phone that would allow an unauthorized remote access? I'm not saying that automatically if the phone is hackable locally then it must be remotely, but from a business stand point it doesn't bode well.

On an smaller, insignificant note, I can read your words just fine, if you want to emphasize, then do it with emphasis. Capitalized words indicate shouting. Please don't shout, it's not nice :P

Very well. If that's the case, I won't be so loud.

From what I've read, everything runs in Ring 0 on an iPhone. How's that security? It's Windows 95 all over again, but as an OS X derivative instead of being a Microsoft OS this time. Once you've broken user level security, you have the whole phone OS at your mercy.

A Clockwork Lime said,
Apple's operating systems are "secure" because few people bother to mess with it, *not* because it's actually secure. That's why they have fewer virii, too. It's a second-rate, unpopular, and -- for all intents and purposes -- an obscure operating system. The fact that it has *any* virii or exploits is amazing.

If few people used Microsoft's operating systems, they'd be just as "secure."

That tired old myth again? There are roughly as many OS X users as there were classic Mac OS users, and still zero OS X viruses in the wild, compared with dozens of viruses on the classic Mac OS.

Don't you think hackers would love the bragging rights of being the first to take down OS X? And how come at these events that are dedicated to hacking the Mac (eg CanSecWest) they have to keep relaxing the rules until someone gets in?

And trust me, OS X is getting less "obscure" and "unpopular" by the day. As for "second rate", I think you're getting it confused with Windows.

Neomac v6 said,

That tired old myth again? There are roughly as many OS X users as there were classic Mac OS users, and still zero OS X viruses in the wild, compared with dozens of viruses on the classic Mac OS.

Don't you think hackers would love the bragging rights of being the first to take down OS X? And how come at these events that are dedicated to hacking the Mac (eg CanSecWest) they have to keep relaxing the rules until someone gets in?

And trust me, OS X is getting less "obscure" and "unpopular" by the day. As for "second rate", I think you're getting it confused with Windows.

@ Clockwork

OS X a second-rate OS? ROFL. Oh man, thanks. I needed that. That's like saying Porsches suck or that Marlon Brando was a bad actor.

If you're talking obscuiruty, then what other OS, aside from Windows, isn't obscure? Windows is simply ubiquitous, but quality, fit-and-finish, stability, reliability, are other issues altogether. Then again, you might be right in a way. When's the last time you saw an Aston-Martin DBS on the road? OS X is not "common", as in"cheap and common."

LTD said,
The hackers aren't breaking into YOUR phone, they're breaking into their OWN phone, then posting instructions on how others can break into THEIR own phones. It isn't being done remotely.

How is this a security issue?

In terms of OS X, there is not one virus, spam or spyware that can gain access to your machine without user authentication.

Because it means a vulnerability exists, whcih is what you don't seem to understand, a vulnerability is a vulnerability, nothign happens until someone exploits the vulnerability, you can use the vulnerability for good (i.e. unlocking it) or bad (releaseign a virus on it)

a remote attack is just a different way of exploiting a vulnerability

nonick said,

what he actually meant by using capitalized letters is telling you that you are a dumbass with no clue on wtf you are talking about. and he's correct.

NO HE'S NOT.

Neomac v6 said,

That tired old myth again? There are roughly as many OS X users as there were classic Mac OS users, and still zero OS X viruses in the wild, compared with dozens of viruses on the classic Mac OS.

Don't you think hackers would love the bragging rights of being the first to take down OS X? And how come at these events that are dedicated to hacking the Mac (eg CanSecWest) they have to keep relaxing the rules until someone gets in?

And trust me, OS X is getting less "obscure" and "unpopular" by the day. As for "second rate", I think you're getting it confused with Windows.

You can't really believe it is more secure than linux can you, as far as i know linux has viruses, MAC users that don't realise why MAC has no Viruses are blind