Older Apple iOS devices must jailbreak to be secure -- oh the irony
Remember that nasty PDF bug that allowed potentially malicious code to be executed on your iOS device? Right, the one that Apple recently patched with the iOS 4.0.2 software update, slamming the door on jailbreakme.com. Well, if you own the original iPhone or iPod touch you're still at risk since Apple's update isn't compatible with those devices. Hell, many iPhone 3G owners are also at risk after rolling back their handsets to iOS 3.1.3 due to sluggish (to put it mildly) performance running iOS 4. So what can you do to protect yourselves? Jailbreak. As counterintuitive as that sounds, Jay Freeman (aka @saurik) just released a patch onto Cydia (search for "PDF Patch") for all iOS devices, no need to update to 4.0.2. Of course, jailbreaking presents its own set of risks, so be careful -- and for crissake be sure to change the root password if you install SSH.

@Kineas To be clear, Apple succeeded at their patch. They tested their code for a week, and they nailed it. However, they consider the original generation of iPhones and iPod Touches, devices which many users are still using (as they are only a few years old: typically support for such systems is five or ten years, not two or three), to not be worthy of this security fix, so the millions of users of those devices are simply going to get converted into a giant botnet soon. :(
@saurik I got that, the problem is if this bug exists over several versions of iOS or however it's called then probably the code is not different. So a patch could have been created for the 3rd version also. Probably with little hassle. The botnets wouldn't be that dangerous, they would be on under-clocked processors running on 2G network speeds. No threat in the modern world. Maybe just some password steals, but that's all that will happen to them.
Also Apple wants to call others lazy, tell me who in the department over there thought it was OK to release a 300 MB - 800 MB update for a PDF exploit. That is all it is for. There is no reason for a simple patch to be that big.
When you update your iPhone, you have to download the entire OS. That's why the file sizes are so large. I think it's really stupid, but I guess it's how Apple likes to do things. It's the same procedure with iTunes updates--you have to download the entire thing again which is like 70MB.
Fragmentation!
I can't find this on Cydia, anyone else?
@Sicarius123
Yep, just search PDF, comes right up.
@Sicarius123 Found it easily, make sure you're refreshing your sources properly.
@PavelAK
Yea I don't think it updated properly on 3G for me when I posted this, but later on wifi it was there.
I don't understand how Apple can allow people to lock themselves into a 2 year contract on a device they know they are not going to support for the full two years and they will punish you if you try to support it yourself. How are they not being sued?
@unf2011 I am guessing freedom of contract.... gotta love capitalism!!! They talk about being so green, and then turn around and release what amounts to throw-away, disposable phones. I can STILL use my n95 to this day and I got it before the first iPhone was available. I think the last OS update was a few months ago... maybe longer. I finally upgraded to an n900 though--hopefully it lasts as long.
The whole point of the iOS 4.0.2 update isn't to make you more secure, it's to close the hole that people are using to jailbreak their iOS devices. Normally Apple can take up to 6 months to issue security patches. The only difference this time is the jailbreak exploit. That's why there is no security update for 2 year old devices. Apple doesn't care. This is major BS because till the 3GS released in June of '09 the 3G was Apple's top of the line iOS product. That was only 14 months ago. Barely more than a year.
I have the iPhone 4, 4.0.1, 16GB, should I download this PDF patch?
@ProfessorJordan The PDF patch is for 3.X; for 4.x use PDF Warner by cdevwill.
@ProfessorJordan Yes if you have anything below 4.0.2 you should download this patch. The poster above me is incorrect.
I solved all those problems the easy way. When AT&T gave me the full upgrade early, presumably to buy the iPhone 4, I debated and then while debating my next move the Samsung Captivate came to AT&T. One $200 purchase later and I don't have to watch Apple like a hawk and I love my phone again. Problems solved.
@ShadoeKnight Downgrading to an inferior phone isn't a "solution"...iPhone 4 is superior in every way when compared to the Captivate. From hardware to OS...
@Gregtotheizzo the only thing that I know to be inferior is your mom.
@Taller Which proves my point. Can't post facts about the Captivate that won't be destroyed by facts about the iPhone 4 so you resort to immature "yo momma" jokes. Which speaks a lot about Samsung Captivate owners.
This article is still full of fail, there's no need to change your ssh password. If you install SSH when you go on public wifi just turn ssh off...in 2010 can you please tell me the "risks" of jailbreaking? Bricking is impossible since 2008, anything "goes wrong" restore and try again...
Scare tactics much? Lol. Please be real if you're going to even "pretend" to be in the scene.
@Gregtotheizzo ...so you are a poser troll? wtf...
@Taller He has a freaking point, in fact, should you really be using SSH when you could use iFiles built in wifi drive, or iPhone explorer that all don't use SSH to get to the root files. Just don't be an idiot and jailbreaking is all choice people "protest" about Apple. If Apple gave you the choice people "protest" for, the phone would be jailbroken by default basically and no one would complain.
PS I saw this second post, and you're the troll here.
@Gregtotheizzo
When I installed SSH every time the phone rebooted SSH would turn back on.
Girlfriend forgot to turn it off when she rebooted her phone because it was playing up and got rick rolled standing in line at Subway.
Was a massive pain to get all that rubbish out of her phone.
SSH is definitely something to be careful about.
Yeah, they just don't care really.
Hey I'm using a 3G and was having issues with the 4.0 update. Then with the 4.0.1 update it improved a little. Now with the 4.0.2 update my 3G feels like a totally new phone. Don't know what else Apple put into the update but my 3G runs as smooth as it did before 4.0. So those 3G owners who don't wanna jailbreak can rejoice as they can now safely update to 4.0.2 without fear of performance issues.
Know what's really annoying, Engadget? Putting a link in the article with the text "jailbreakme.com" and instead of it actually linking to the site like any normal website URL link would do, you link it to your own article from less than 2 weeks ago.
haha this is absolutely hilarious.
So is Jason the patch or the hack?
@TPAYNE87 "Jason" is the name of the developer, but that part was photoshopped by Engadget. It is supposed to read "Jay Freeman (saurik)"... I have no clue why they did that.
@saurik
Hey!
It's Saurik in the (virtual) flesh on Engadget!
Thanks for this patch and all of your hard work in the JB scene!
WTF. That screenshot is a photoshop. My name is /not/ "Jason". The screen from Cydia clearly says "Jay Freeman (saurik)". What possible value is there in modifying that image? :(
@saurik It's Friday the 13th on Engadget, and it's all Jason Voorhees, all the time. See http://en.wikipedia.org/wiki/Jason_Voorhees for an explanation.
@chandler Thanks. Personally, I prefer sites that claim to be news sites to publish accurate information, but I can at least appreciate the concept. (I learned my lesson on this sort of thing when an April Fools that I put on the Cydia website got taken seriously by a very large number of users in the worldwide community. I was then careful this year to do something that, if misinterpreted, would not cause any confusion: the joke was that there was no joke.)
I'd be surprised if they didn't release an update to iOS 3.1.3 for the iPhone 2G and 1st Gen iPod Touch that fixes this problem. I guess what was more important was patching things for their more recent consumers. It sucks, but it makes sense I guess.
Right. So Apple is being bashed for not supporting devices that are more than 2 years old with the latest OS patches, but nobody bitches that most Android phone makers don't even properly support 6 month old to 1 year old hardware with the latest Android OS updates?
Hmmm, pot calling the kettle black it seems. Sorry Apple haters, but any way you want to spin this, Apple still provides better OS update support than pretty much the majority of smartphone makers.
@madgunde Oh, really should add, how long has Android been on the market? Not even 2 years, and the first devices that were released can't even update past Android 1.5 or 1.6. Even Apple's iPhone 3G which is over 2 years old can be updated to the latest version of iOS.
Wake up and smell what you people are shovelling already. Bloody Apple haters.
@madgunde As far as I know, there are no known security flaws in Android 1.5 or 1.6 that are capable of being triggered by something as innocuous as visiting a website or clicking an e-mail attachment. Therefore, despite being vaguely saddened that these Android device manufacturers don't bother releasing updates to their products, no one actually having a clue as to what is going on believes it to be their /responsibility/ to release these updates, lest millions of devices in the wild suddenly start being used as expensive botnets, bringing wireless networks around the world to a halt.
@saurik You just have to look to find them:
http://web.nvd.nist.gov/view/vuln/search-results?cid=3
Now the second half of your post about botnets I didn't really understand, probably would be easier to read if it was split into multiple sentences. I suspect you were making note of Apple's userbase still running iOS 3 being large enough to be worth making a botnet out of, but I just want to point out that there really aren't that many original iPhones still in use (as a phone), so I suspect as usual the threat is overblown (wow, big surprise there). Meanwhile, Google allows malicious software to appear on the Android store on a scarily regular basis.
Apple may be readying a security update for iOS 3.1.3 devices as we speak. They are likely using the 90/10 rule, putting resources into patching the largest user base first. If Engadget were any kind of real journalistic source of news, they would have likely approached Apple for comment. But they're not. They are simple hit-whores who would rather stir the flame war pot and put up a sensational headline than care about anything unimportant like facts or the truth.
The PDF patch is clearly for those jailbroken iPhones running 4.0.1 that do not want to upgrade to 4.0.2. Sure it can be used on older iPhones, but that's not what it's meant for. Anyone on the 2G or 3G still clearly never use their phones anyways.
When will the next jailbreak come out for iOS 4.2?