Hacker finds iOS 4.1 bootrom vulnerability

By Nomad_
in Back Page News

 Share

Recommended Posts

Experienced

Nomad_

Posted
Posted

Hacker finds iOS 4.1 bootrom vulnerability that can jailbreak all current hardware

http://www.geek.com/articles/apple/hacker-finds-ios-4-1-bootrom-vulnerability-that-can-jailbreak-all-current-hardware-2010099/

Yesterday?s release of iOS 4.1 was good news for iPhone gamers and iPhone 3G owners who had performance issues post-4.0, but bad news for jailbreakers, with the Dev Team themselves warning users not to upgrade to 4.1 as there was no known way to reverse the baseband post-update.

As usual, though, what?s true in the cat-and-mouse jailbreaking scene one day is not true the other, and now there?s good news for jailbreakers, at least in theory. iPhone hacker pod2g has revealed on Twitter that he has successfully discovered a new bootrom exploit, and even better: all the new iOS hardware including the iPhone 4 and new iPod Touch is vulnerable to it.

The good news here is that means that Apple would be powerless to patch this vulnerability through software, since its a hardware issue? but that won?t necessarily stop them from patching up the issue at the factory for any hardware that comes down the line in coming months.

So, in theory, the Dev Team should be able to use this to jailbreak any iPod Touches and iPhone 4s currently in the wild? but given Apple?s historic response to jailbreaking, don?t expect this vulnerability to last. If you want a new iPod Touch or iPhone 4, and if you want to jailbreak it, buy your device now? if you buy it in a few months, you may very well be out of luck.

Grand Master

Panacik

Posted
Posted

Hacker finds iOS 4.1 bootrom vulnerability that can jailbreak all current hardware

http://www.geek.com/articles/apple/hacker-finds-ios-4-1-bootrom-vulnerability-that-can-jailbreak-all-current-hardware-2010099/

Yesterday?s release of iOS 4.1 was good news for iPhone gamers and iPhone 3G owners who had performance issues post-4.0, but bad news for jailbreakers, with the Dev Team themselves warning users not to upgrade to 4.1 as there was no known way to reverse the baseband post-update.

As usual, though, what?s true in the cat-and-mouse jailbreaking scene one day is not true the other, and now there?s good news for jailbreakers, at least in theory. iPhone hacker pod2g has revealed on Twitter that he has successfully discovered a new bootrom exploit, and even better: all the new iOS hardware including the iPhone 4 and new iPod Touch is vulnerable to it.

The good news here is that means that Apple would be powerless to patch this vulnerability through software, since its a hardware issue? but that won?t necessarily stop them from patching up the issue at the factory for any hardware that comes down the line in coming months.

So, in theory, the Dev Team should be able to use this to jailbreak any iPod Touches and iPhone 4s currently in the wild? but given Apple?s historic response to jailbreaking, don?t expect this vulnerability to last. If you want a new iPod Touch or iPhone 4, and if you want to jailbreak it, buy your device now? if you buy it in a few months, you may very well be out of luck.

I believe there is also a known vulnrability in the iOS itself which will allow for a type of usenet jailbreak similar to the jailbreak.me site? Although this could\would be patched by a software update, for now, it would be great if someone would release a jailbreak using this method until the bootrom exploit is configured correctly.

I know the current JBs for 4.0.2 work in 4.1, but result in the phone app missing, but im thinking of running the JB and fixing the app myself, until an official JB is released in the comeing days.

Grand Master

Panacik

Posted
Posted

No point in having more than one exploit out in the wild since Apple will just patch it and then when the next version comes out it can't be used. :p

Urm, but why not use the current software exploit to create a usenet jailbreak, whilst the bootrom JB is being created. After that Apple can patch the software exploit all they want.

Experienced

Nihilus

Posted
Posted

Its funny how companies put sooo much money in to protecting their products and before or soon after some is released, it gets hacked. They cannot win so why do they bother.

To make it difficult :)

If enough users did it, and they could do it with the simple download of one application for all firmware releases, it would be a lot more common. As it is many users stay away because they fear bricking their phones, they don't understand what firmware version they have or what program to use to do it. Or they've just never thought of the benefits and label it as "something geeks do".

IMHO apple have had reasonable success keeping people from doing this, I know plenty of people who refuse to jailbreak pretty much solely for the above reasons.

Grand Master

timster

Posted
Posted

Its funny how companies put sooo much money in to protecting their products and before or soon after some is released, it gets hacked. They cannot win so why do they bother.

first, i am assuming you are referring to Apple since this is an iOS thread.

Apple should just give up because people found and took advantage of a hole in the iPhone/iPad/iPod Touch?

Apple is a publicity traded company worth billions of dollars, there's a clear and obvious reason they continue to patch the software, not to mention the number of people that would out of work if they were no longer writing and fixing the software

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Windows Server gets DNS over HTTPS (DoH) support

      By binaryzero · Posted

      Server Summit had a heap of announcements, ADCS changes are baller.
    • Linux 7.1 arrives with an NTFS overhaul and major hardware performance boosts

      By Max Norris · Posted

      Nice, hope they *finally* fixed the issue with the NTFS driver where the system would completely brick during large file copies using the built in driver. It's been broken for years requiring me to use the older, slower, NTFS-3G FUSE driver.
    • Windows 11 KB5094126 BSODing, freezing, forcing BitLocker lockout, breaks OneDrive, and more

      By hellowalkman · Posted

      Windows 11 KB5094126 BSODing, freezing, forcing BitLocker lockout, breaks OneDrive, and more by Sayan Sen Microsoft released Windows 11 KB5094126 and KB5093998 last week as the latest Patch Tuesday updates. Following that the company also published the accompanying dynamic updates under KB5094149, KB5095971, and KB5094156. While Microsoft has so far not acknowledged any major problems with the release, some users online are running into problems. These range from OneDrive and Dropbox access issues, BitLocker recovery lockouts, to blue screens and BSODs. The most common one seems to be happening with HP systems wherein affected users say they hit 0xc0430001 BSOD (blue screen of death) error code after the KB5094126 update. We wonder if this could be related to the recent bug we covered on HP devices wherein the ongoing Secure Boot certificate updates are leading to similar issues. While we are not certain, users affected by this issue likely need to ensure that the boot.stl file is included on the installation media (such as a USB installer or ISO), if the above-mentioned dynamic updates are deployed. If this file is missing, computers may fail to boot from the installation media and could display the error 0xc0430001. This STL file is used by Secure Boot to verify that the boot files are trusted, so it must match the same Windows version and system architecture. To ensure the file is included, Microsoft recommends using the Update WinPE script, which automatically updates the image and handles the required files. Alternatively, you can manually copy the boot.stl file from the Windows\Boot\EFI folder on a Windows device and place it in the matching folder on your installation media before deploying the updated image. Aside from blue screening some users also note their systems have been freezing following the update. This could be happening to Lenovo PCs specifically. In the case of the OneDrive and Dropbox access issues, a user figured out that there could be a conflict with UAC. He explained: "Okay, so I did some digging, and in our environment KB5094126 breaks OneDrive and Dropbox in Explorer. I went through all our GPOs and found out that the combination of disabling UAC and having my user being a local admin breaks OneDrive in Explorer. ... If I enable UAC again, then it works, even with KB5094126 still installed." Hopefully, Microsoft will look into these issues. Source: Microsoft forum (link1, link2, link3, link4), Reddit (link1, link2, link3, link4)
    • Here is how I fixed Windows 11 not booting after clean installation

      By rseiler · Posted

      It is when it's a desktop in my house though for a PC that's lightly used and not really important when it is. If it was a laptop, it would be a different story. The real solution is varied and begins starting at post #22 in that thread.
    • Microsoft hides these secret Windows 11 performance boost settings available on every PC

      By hellowalkman · Posted

      well that's the plan

  • Recent Achievements

    • Week One Done
      Jeroen Wilms earned a badge
      Week One Done
    • Week One Done
      rolfus earned a badge
      Week One Done
    • One Month Later
      Leroy Jethro Gibbs earned a badge
      One Month Later
    • Conversation Starter
      flexorcist earned a badge
      Conversation Starter
    • One Month Later
      AndreaB earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      508
    2. 2
      +Edouard
      198
    3. 3
      PsYcHoKiLLa
      138
    4. 4
      ATLien_0
      90
    5. 5
      Steven P.
      81
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!