Well lookey see here, sounds like v1.1.1 isn't all doom and gloom after all. The iPhone dev community's apparently not only
moved past accessing the nigh-unbreakable file system protections
Apple implemented in the latest
iPhone and iPod touch firmwares, they've also managed to hack the SpringBoard app into shape enough to properly launch 3rd party apps (which were, as expected, recompiled to function with the new iPhone frameworks). The iPod touch has apparently also been hacked for root access, and apparently those freshly recompiled apps are functioning there as well. But it's still not without some bad news: unfortunately, it sounds like most (if not all) of these new hacks rely solely on that single TIFF exploit in Mobile Safari, meaning that everyone's back to square one the moment Apple beams v1.1.2 to the public at large.
Read - Hacker toc2rta confirms the exploit and functionality
Read - iPhone jailbroken, apps installed
Read - iPod touch jailbroken
posted Oct 8th 2007 at 10:24PM
Reader Comments (Page 1 of 2)
john @ Oct 8th 2007 10:31PM
Think of all the great 3rd party apps these talented individuals could be writing instead of having to spend their time and efforts fighting Apple for the ability to do so. Thanks Apple.. I'm sure Apple will brick it again..
imacmatt09 @ Oct 8th 2007 10:53PM
1.1.2 is going to be a Safari update that blocks TIFF images.
mushrooshi @ Oct 8th 2007 11:40PM
Is this the same john as in all the other posts?
John @ Oct 9th 2007 12:30AM
there are an awful lot of us who didn't think through choosing the name for our comments. Some of us are lowercase j (see above), some are uppercase (
halfeatenfish @ Oct 9th 2007 1:02AM
There's one thing that confuses me. Am I right in that these hacks all require taking advantage of an exploit? In other words... does that mean that we're on Apple's case for closing security holes that could be used to execute arbitrary code? I know that the 3rd parties writing these apps are doing it for the greater good, but couldn't someone use these same exploits for less honorable means?
I mean, if iPhones were having security problems we'd be bashing the hell out of Apple for leaving holes in the system.
I think I'm just confused. Can somebody tell me the diff between the good security holes and the bad ones?
I have a funny feeling that things will change when Leopard ships.
turn_self_off @ Oct 9th 2007 2:11AM
openmoko, nuff said...
Cleverboy @ Oct 9th 2007 3:44AM
@halfeatenfish
It's exactly what it looks like. Aside from clearing the Springboard plist, Apple redid the poor security from 1.0x thereby making it difficult for unauthorized 3rd party apps to get back in. A new security hole was discovered, and 3rd party apps are back. Theoretically, all the work used to hack native support again, could be used to hack the crap out of your phone, should you navigate to the wrong website.
You could find yourself with a new icon on your home screen, that you couldn't remove... automatically treating you to spyware and NSFW moments at its leisure... ON YOUR PHONE (I can see the YouTube spoof right now, cueue the music). I knocked Apple for the dialerbug problem (lets you fake the number the user okayed to call), and the WiFi flaw wasn't pretty either. Hopefully they get this one too. I'm going to hand it to these guys, but still wait for Apple's 3rd party solution. This isn't the way. I'm hitting the iPhone Tech Talk today here in Beantown.
Typhoid Mary @ Oct 9th 2007 10:29AM
@mushrooshi
Why not click on his name and see his profile and find out?
bugmat @ Oct 9th 2007 11:35AM
@Cleverboy - I agree that ultimately nasty types could also use these exploits for nefarious deeds, which is why i think Apple should just relent and provide everyone with an honest-to-goodness SDK for mobile OSX.
...And if they don't, we can always update and wait for the pirate versions of those Apple-supported apps that are obviously on the gravy train to Cupertino ;)
easty @ Oct 8th 2007 10:31PM
Another pic
http://www.hackint0sh.org/forum/showthread.php?t=10373
Awesome
MaDKernell @ Oct 8th 2007 10:33PM
Just as i said: "Its just a matter of time." hack the iphone!!!
Xavier Gill @ Oct 8th 2007 11:02PM
You bless us with your mighty prediction, Oracle
tape @ Oct 8th 2007 10:32PM
Slap a gui on that sucker and make it a 1 click process.
dUN @ Oct 8th 2007 10:33PM
Buying a $399 iPod Touch is only the beginning of the fun part~
See a Gateway laptop price is diving under $300!
Terc @ Oct 9th 2007 12:47PM
I'd love to see you stuff that 15.4" widescreen laptop in your pocket.
Addison Hardy @ Oct 8th 2007 10:36PM
This is really getting ridiculous. Steve Jobs said it himself: It's a cat and mouse game. I found it unbelievable that a company like Apple would play such a game. It is CLEAR that consumers want 3rd-Party Applications, so what is the business gain behind trying to disable them? I would see 3rd-Party apps as being a big marketing plus for Apple, and considering the number of tools already available based on hacked toolchains, if Apple wrote a real SDK imagine the possibilities. Seriously Apple, stop playing games and trying to disable useful/fun software that has already been written (without any assistance from you!)
SHOTT3R @ Oct 8th 2007 11:16PM
Uh, the business gain in disabling 3rd party apps that consumers clearly want?
Oh, let's see...maybe the money Apple can make both charging a licensing fee to software developers AND charging their beloved customers for the software?
mitchell @ Oct 8th 2007 11:20PM
My guess would be that Apple wants a piece of the application profits. I'm not sure how they are considering implementing such a mechanism, but it must be the reason they are fighting this. Again, Apple COULD be doing this to ensure a high quality phone first, but I wonder.
ssuk @ Oct 9th 2007 2:43AM
You cannot create apps to curcumvent their carrier locks! That's disgracing the mighty Apple policy of screwing their fanbase over!
Long @ Oct 9th 2007 12:39PM
I think it has to do with more with ATT than simply Apple wanting to make more money selling apps. If you look from an ATT business model that they have used in the past, they cripple phones functions, make you pay data plans that cost more than the iphone data plan, charge you monthly fees for apps, ringtones, videos.
I saw a third party program that made the iphone gps-like by using triangulation. Well, ATT and other carriers like Verizon would rather charge you $10 a month for the kind of service so they force the manufacturers to cripple built-in GPS chips. Also crippling blutooth so that it can only be used with headsets rather than sending files is another example. I think Apple might be hamstrung by their contract with ATT, although they can always blame ATT for the contract while still taking in a percentage of the monthly fees that ATT brings in.
Wiggles @ Oct 9th 2007 5:26PM
The thing is, now that Apple started the game, they can't just back out and give the cheese to the mouse. It makes the cat look weak.
Addy Osmani @ Oct 8th 2007 10:37PM
Let me get this straight...
There is only ONE exploit that Apple needs to close to prevent the new jailbreak from working and engadget is TELLING them what it is?
Nice work guys. Keep it up.
AndrewNeo @ Oct 8th 2007 10:55PM
Apple would have found out rather quickly, if not even for news/blogging outlets. All they have to do is peek into the hacking community and viola.
IndiaTech @ Oct 8th 2007 11:53PM
You know felines like to play with their prey before they GO for the kill...
Josh @ Oct 8th 2007 10:45PM
As long as there is a demand for hacking apps and hackers willing to devote time to making them, this will continue. Apple ought to take a hint from the large number of Windows exploits over the years; people will always find a way around safeguards/restrictions/DRM.
Anyone else notice that open-source Linux is much more secure than Windows? That's because any developer can make improvements to it.
I'll keep my T-Mobile 1.02 for now. It's not like I'm gonna BUY music anyway. :)
Yan Morissette @ Oct 8th 2007 10:52PM
WHY does this remind me of PSP homebrews...?
Xavier Gill @ Oct 8th 2007 11:06PM
Because its very similar, only Sony were never stupid/evil enough to intentionally brick peoples PSPs
Xavier Gill @ Oct 8th 2007 11:06PM
Because its very similar, only Sony were never stupid/evil enough to intentionally brick peoples PSPs as a scare tactic
Twitchy @ Oct 8th 2007 11:37PM
Umm, Xavier Gill, Sony did show some malice - PSP's sporting TA-082 motherboards (and rumour has it one or two of the others) will brick if one tries to install a geniune PSP FW after having downgraded it before. Sony messed with the later FW so that if some checksums didn't match-up it bricked.
dagamer34 @ Oct 8th 2007 11:44PM
Actually, Sony made a specific PSP motherboard TA-082 that would brick when you tried to downgrade to the 1.50 kernel.
rawhead @ Oct 9th 2007 1:44AM
Needless to add (one would hope) that there is no proof whatsoever that Apple intentionally bricked the iPhones with 1.1.1. and as a matter of fact, according to none other than Erica Sadun, one of the core members of the 1337 hackers, Apple probably tried hard to PREVENT hacked iPhones from bricking. So...
ENOUGH WITH THIS CONSPIRACY THEORY FOR CRYIN' OUT LOUD. At least, stick with innocent until proven guilty.
Yan Morissette @ Oct 9th 2007 8:38AM
Not saying they bricked them intentionally. Just the idea of cat and mouse with a new patch that breaks apps and then a new hack that makes it ok again then another patch that breaks and so on... it reminds me of PSP homebrew (which is a "war" no one will ever win)
rawhead @ Oct 9th 2007 10:23AM
Oops, sorry Yan, I was replying to Xavier. Shoulda made that clearer.
dj-kenpo @ Oct 8th 2007 10:52PM
that title was a little misleading ryan. you got my hopes up for apps on the ipod touch, I think you need to reword that
JL @ Oct 8th 2007 10:53PM
Does this seem eerily familiar to anyone? Sounds like the same kind of stuff going on with Sony and the PSP - hee hee
Reader @ Oct 8th 2007 10:58PM
I really hope Apple doesn't play the bullshit game of trying to beat hackers with new firmware, maybe someone should show them how successful that is (PSP anyone?).
Josh @ Oct 8th 2007 11:04PM
So, does this mean full iCal on the touch or should i hold off on buying a touch for a while longer? I just want a freaking iPDA.
john @ Oct 8th 2007 11:09PM
LOL!
I suggest holding off for iPDA. I sure am!..or an unlocked proper iphone, or a better phone from a competitor (that doesn't have sharing issues).
sva @ Oct 8th 2007 11:08PM
Great job Dev team. Anybody taking bets as to when the new firmware (bug fixes inc. safari exploit) will appear?
Michael @ Oct 8th 2007 11:11PM
You know Apple, you better take it while you can. One day no one is going to care.
oxjox @ Oct 9th 2007 12:34AM
Can someone explain this TIFF exploit? Is this TIFF the same as the image format and how does that have anything to do with unlocking an operating system?
Bri3D @ Oct 8th 2007 11:19PM
Maybe it sounds a lot like PSP because like, ya know, it's the same exploit and the same person?
Hmmm...
moree.tan @ Oct 8th 2007 11:22PM
Just as i said: "Its just a matter of time." hack the iphone!!!
Iain @ Oct 8th 2007 11:29PM
Can we not just have a separate iPhone section already so that those of us who don't care don't have to wade through every minute piece of non-news that gets posted?
I mean, seriously, on what other phone would be it news-worthy that someone has found a way of using your own ringtones? It's a farce.
Joseph Panzner @ Oct 8th 2007 11:33PM
Relax. That's all I have to say.
Iain @ Oct 8th 2007 11:38PM
I am relaxed.
I'm just sick and tired of being bombarded with so much iPhone-related spam.
illusion @ Oct 8th 2007 11:39PM
Um... How do i put this... There is a way. A separate feed. Eat the feed.
Twitchy @ Oct 8th 2007 11:42PM
I second the motion for a seperate iPhone feed - but not because I am sick of the iPhone stuff. To the contrary, I can't really get enough. But perhaps it would be a good idea to have an Apple feed, not just a dedicated iPhone one.
dj-kenpo @ Oct 8th 2007 11:47PM
from now on anytime engadget posts a news entry about samsung lcd's instead of skipping past them as I usually do, I'm going to click on them, then click to comment about how much disdain I have for said article.
why do these idiots keep popping up? STOP BREEDING!
Iain @ Oct 9th 2007 12:00AM
I'm not after a feed, I'm after the ability to read a what is, otherwise, an excellent tech-related blog without every second story being something related to the iPhone which, if it wasn't made by Apple, would never come anywhere near being news-worthy.
And, 'kenpo' feel free to think or do what you want but I fear that your comments and actions will prove that only one of us is the idiot - and it won't be me.
If you can't see the ridiculous bias in coverage this one item gets over everything else and how many of the articles that are posted about the iPhone are completely redundant then, frankly, you must be blind. You say you'll spam every article about Samsung displays - so that'll be product releases and reviews, as opposed to separate news stories for every app released, every step in trying to unlock and re-unlock the iPhone, stories *counting down* to a commercial piece of software being released to unlock the iPhone.
Whilst I don't expect everyone to agree with me (ie not iPhone owners and Apple fanboys), my point is valid.