Hacker finds iOS 4.1 bootrom vulnerability

By Nomad_
in Back Page News

 Share

Recommended Posts

Experienced

Nomad_

Posted
Posted

Hacker finds iOS 4.1 bootrom vulnerability that can jailbreak all current hardware

http://www.geek.com/articles/apple/hacker-finds-ios-4-1-bootrom-vulnerability-that-can-jailbreak-all-current-hardware-2010099/

Yesterday?s release of iOS 4.1 was good news for iPhone gamers and iPhone 3G owners who had performance issues post-4.0, but bad news for jailbreakers, with the Dev Team themselves warning users not to upgrade to 4.1 as there was no known way to reverse the baseband post-update.

As usual, though, what?s true in the cat-and-mouse jailbreaking scene one day is not true the other, and now there?s good news for jailbreakers, at least in theory. iPhone hacker pod2g has revealed on Twitter that he has successfully discovered a new bootrom exploit, and even better: all the new iOS hardware including the iPhone 4 and new iPod Touch is vulnerable to it.

The good news here is that means that Apple would be powerless to patch this vulnerability through software, since its a hardware issue? but that won?t necessarily stop them from patching up the issue at the factory for any hardware that comes down the line in coming months.

So, in theory, the Dev Team should be able to use this to jailbreak any iPod Touches and iPhone 4s currently in the wild? but given Apple?s historic response to jailbreaking, don?t expect this vulnerability to last. If you want a new iPod Touch or iPhone 4, and if you want to jailbreak it, buy your device now? if you buy it in a few months, you may very well be out of luck.

Grand Master

Panacik

Posted
Posted

Hacker finds iOS 4.1 bootrom vulnerability that can jailbreak all current hardware

http://www.geek.com/articles/apple/hacker-finds-ios-4-1-bootrom-vulnerability-that-can-jailbreak-all-current-hardware-2010099/

Yesterday?s release of iOS 4.1 was good news for iPhone gamers and iPhone 3G owners who had performance issues post-4.0, but bad news for jailbreakers, with the Dev Team themselves warning users not to upgrade to 4.1 as there was no known way to reverse the baseband post-update.

As usual, though, what?s true in the cat-and-mouse jailbreaking scene one day is not true the other, and now there?s good news for jailbreakers, at least in theory. iPhone hacker pod2g has revealed on Twitter that he has successfully discovered a new bootrom exploit, and even better: all the new iOS hardware including the iPhone 4 and new iPod Touch is vulnerable to it.

The good news here is that means that Apple would be powerless to patch this vulnerability through software, since its a hardware issue? but that won?t necessarily stop them from patching up the issue at the factory for any hardware that comes down the line in coming months.

So, in theory, the Dev Team should be able to use this to jailbreak any iPod Touches and iPhone 4s currently in the wild? but given Apple?s historic response to jailbreaking, don?t expect this vulnerability to last. If you want a new iPod Touch or iPhone 4, and if you want to jailbreak it, buy your device now? if you buy it in a few months, you may very well be out of luck.

I believe there is also a known vulnrability in the iOS itself which will allow for a type of usenet jailbreak similar to the jailbreak.me site? Although this could\would be patched by a software update, for now, it would be great if someone would release a jailbreak using this method until the bootrom exploit is configured correctly.

I know the current JBs for 4.0.2 work in 4.1, but result in the phone app missing, but im thinking of running the JB and fixing the app myself, until an official JB is released in the comeing days.

Grand Master

Panacik

Posted
Posted

No point in having more than one exploit out in the wild since Apple will just patch it and then when the next version comes out it can't be used. :p

Urm, but why not use the current software exploit to create a usenet jailbreak, whilst the bootrom JB is being created. After that Apple can patch the software exploit all they want.

Experienced

Nihilus

Posted
Posted

Its funny how companies put sooo much money in to protecting their products and before or soon after some is released, it gets hacked. They cannot win so why do they bother.

To make it difficult :)

If enough users did it, and they could do it with the simple download of one application for all firmware releases, it would be a lot more common. As it is many users stay away because they fear bricking their phones, they don't understand what firmware version they have or what program to use to do it. Or they've just never thought of the benefits and label it as "something geeks do".

IMHO apple have had reasonable success keeping people from doing this, I know plenty of people who refuse to jailbreak pretty much solely for the above reasons.

Grand Master

timster

Posted
Posted

Its funny how companies put sooo much money in to protecting their products and before or soon after some is released, it gets hacked. They cannot win so why do they bother.

first, i am assuming you are referring to Apple since this is an iOS thread.

Apple should just give up because people found and took advantage of a hole in the iPhone/iPad/iPod Touch?

Apple is a publicity traded company worth billions of dollars, there's a clear and obvious reason they continue to patch the software, not to mention the number of people that would out of work if they were no longer writing and fixing the software

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Samsung is shutting down yet another app used by millions

      By +Edouard · Posted

      That's not clickbait. Clickbait is headlines like, "You'll never guess what this person looks like now" for example. For goodness sake, take a look around the internet if you think this is clickbait. How do sites survive if people don't click through to articles? How many people in all honesty would have clicked this if it had your suggested headline? You and those upvoting your post won't be happy until the web is a couple of hundred websites all behind a paywall.
    • HopToDesk 1.46.2.0

      By Copernic · Posted

      HopToDesk 1.46.2.0 by Razvan Serea HopToDesk aims to improve the user experience by providing a free, easy-to-use, and secure remote desktop solution for all major device types including Windows PC, Mac, Linux, Android, Chrome Books, iOS, and even Raspberry Pi devices. HopToDesk empowers you to connect, control, and collaborate with ease. Whether you're providing IT support, managing remote teams, or accessing your own devices from anywhere, HopToDesk offers a reliable and secure solution. HopToDesk does not and cannot monitor user activity as the application uses end-to-end encryption for all traffic, and does not make a distinction between personal and business use (both are allowed). Additionally, HopToDesk includes many of the main features of common remote desktop solutions such as Unattended Access, File Transfer, Live Chat, Wake-On-LAN, 2FA, Direct IP access, a Recent Session and Favorite list, and is available in over 20 languages. HopToDesk can run in portable mode or installed on desktop operating systems. Installation is optional, and will install the HopToDesk service which runs in the background and listens for incoming connections, allowing the device to be accessible at all times. Why Choose HopToDesk? Completely Free: Enjoy full access for both personal and commercial use—no hidden fees or limitations. End-to-End Encryption: All communications, including screen sharing, file transfers, and chats, are protected with robust encryption. Open Source: Contribute to and benefit from a transparent and community-driven project. No Account Required: Connect instantly without the need for sign-ups or subscriptions. Core Features Remote Control & Screen Sharing: Effortlessly access and manage remote devices. File Transfer: Securely send and receive files with drag-and-drop simplicity. Live Chat: Communicate in real-time during sessions. Multi-Monitor Support: Navigate multiple screens with ease. Clipboard Synchronization: Copy and paste seamlessly across devices. Wake-on-LAN: Power on remote systems remotely. Session Recording: Document sessions for future reference. Two-Factor Authentication: Enhance security with an additional verification layer. Custom Branding: Personalize your remote sessions with custom avatars. Unattended Access: Connect to devices without requiring user intervention. Network Customization: Adjust settings like TURN relays and signaling servers to suit your environment. Centralized Device Management Utilize the HopToDesk Dashboard to: Monitor device status in real-time. Generate invite links for easy device integration. Customize network settings and synchronize changes effortlessly. Add a personal touch with custom avatars displayed during remote sessions. Download: HopToDesk 64-bit | HopToDesk 32-bit | ~9.0 MB (Freeware) Download: HopToDesk ARM64 | 21.4 MB Link: HopToDesk Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Steam Next Fest returns with thousands of new demos to try out

      By PSG1 · Posted

      Or use Epic games and get full games for free. lol Steam and their demos. Thankfully there’s competition
    • Forza Horizon 6 gets big bug-fixing and balancing update

      By Defiantly · Posted

      Maybe I missed it, but does this say anywhere that the game save bug has been squashed? I haven't encountered it myself, but it would be nice to know I'm good to go. Anyway, amazingly well done game. Mostly more of the same. ...but when the same is best in class with improved graphics and features, then a win.
    • Major Xbox layoffs may claim South of Midnight developer Compulsion entirely

      By corrosive23 · Posted

      Well when your game flops, you should expect this. If I do bad at work, I would expect a layoff. Less than 1600 people played it on steam. https://steamdb.info/app/1934570/charts/

  • Recent Achievements

    • Reacting Well
      Almohandis earned a badge
      Reacting Well
    • First Post
      Cosminus earned a badge
      First Post
    • One Year In
      ThatGuyOnline earned a badge
      One Year In
    • Week One Done
      Jeroen Wilms earned a badge
      Week One Done
    • Week One Done
      rolfus earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      476
    2. 2
      +Edouard
      181
    3. 3
      PsYcHoKiLLa
      118
    4. 4
      Steven P.
      83
    5. 5
      neufuse
      73
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!