This Week's Sponsor:

Incogni

Put an End to Spam, Scams, and Robocalls on Your iPhone

JailbreakMe: The Good, The Bad and The Pointless

A few hours ago @comex finally released his universal jailbreak tool for iPhone, iPod Touch and iPad called “JailbreakMe”. Unlike many previous jailbreak tools released in the past three years, this time you don’t need a computer to install Cydia on your device: jailbreakers are using the cloud now, and all you have to do is visit a website in Mobile Safari and wait for the exploit to “land” on your home screen.

Of course Apple isn’t happy about jailbreak. They never were. But this time - this time they have a pretty big issue on their hands. JailbreakMe seems to be based on a PDF vulnerability that is activable in Safari and, potentially, could lead to malicious software sent to users via emails and the browser.

Comex knew that Safari automatically downloads PDF files, and he managed to inject the necessary jailbreak code in the PDF decoder, thus allowing you to install Cydia by just visiting a website. For users, it’s magic. But if you think about it, for users and Apple this is a problem. Like I said, I wouldn’t be surprised to see malicious softwares floating around in the future, all based on browser vulnerabilities. This is a common situation for desktop users, and it’s kind of a first on the iPhone. There were some similar hacks in the past, but this is so huge it won’t go unnoticed. So, I’d expect an iOS 4.0.2 update fixing “critical PDF vulnerability” very soon.

Still, who’s to blame? Apple, for leaving this PDF hole out there? Or is Comex a genius for finding out about it? I say both. Vulnerabilities are a problem - especially on the iPhone, or Apple devices in general - but it’s when hackers find out about them and release tools based on them that Apple has to intervene.

As for the jailbreak itself, I’ve just jailbroken a 3GS and it worked good. Cydia is pretty unstable at the moment, but I’m used to it. What bothers me, though, is that jailbreak on the iPhone 4 is pointless right now. Apps aren’t updated for the Retina Display, and tweaks such as SBSettings, LockInfo and Activator are buggy, slow and unsupported. Why release a universal jailbreak when, actually, it is not universal? Just for the sake of it? Couldn’t they seed jailbreak builds to selected developers, like Apple does, in order to assure compatibility when the jailbreak is released publicly?

Furthermore, it looks like it may also break FaceTime and MMS. I did not jailbreak my iPhone 4 - it’s simply not worth it.

A while ago I wrote that jailbreak on iOS 4 still matters. The thing is, it matters if Cydia developers want it to be revelant. Otherwise, I’m out of this game.

Join

Access Extra Content and Perks

Founded in 2015, Club MacStories has delivered exclusive content every week for nearly a decade.

What started with weekly and monthly email newsletters has blossomed into a family of memberships designed every MacStories fan.

Learn more here and from our Club FAQs.

Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with apps, tips, automation workflows, longform writing, early access to the MacStories Unwind podcast, periodic giveaways, and more;

Club MacStories+: Everything that Club MacStories offers, plus an active Discord community, advanced search and custom RSS features for exploring the Club’s entire back catalog, bonus columns, and dozens of app discounts;

Club Premier: All of the above and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.

Federico is the founder and Editor-in-Chief of MacStories, where he writes about Apple with a focus on apps, developers, iPad, and iOS productivity. He founded MacStories in April 2009 and has been writing about Apple since. Federico is also the co-host of AppStories, a weekly podcast exploring the world of apps, Unwind, a fun exploration of media and more, and NPC: Next Portable Console, a show about portable gaming and the handheld revolution.

@viticci
@viticci
@[email protected]
@viticci.macstories.net
[email protected]