Sunday, July 17, 2011

iOS 4.3.4/4.2.9 also kills untethered exploit dead

While the hoopla surrounding the recently released iOS 4.3.4 (and iOS 4.2.9) focused on it killing the PDF exploit that allowed JailbreakMe.com to function — and could potentially allow bad guys to attack the iPhone and iPad as well — it looks like Apple also patched an exploit that had been used to achieve untethered Jailbreaks since iOS 4.1. According to @i0n1c:

For those that did not get it: iOS 4.3.4 does not only fix jbme3 as announced, but also silently kills the ndrv_setspec() integer overflow.

In addition to that iOS 4.3.4 also adds code to dyld to detect attacks with binaries using “incomplete code signing”.

“Incomplete codesigning attacks” were used for all untether exploits from at least iOS 4.1.0

Wonder if [Apple] only tried to stop my xploit from modifying LCs at runtime with the new check, or if they knew it would stop [incomplete codesigning] attacks.

That last tweet revives the debate about whether or not Apple is simply concerned about iPhone, iPad, and iPod touch security, or if they’re specifically targeting Jailbreak exploits to close down. Some, like JailbreakMe.com, are such a risk that Apple closes them as soon as possible. Others, like ndrv_setspec(), survived for months and several iOS updates.

Either way, we once again thank the Jailbreak developers for their time and tenacity in always looking for new exploits and new ways to Jailbreak.

[@i0n1c, thanks @sethclifford]
