Apple patches up common iPhone jailbreaking exploit

Wed, Oct 14, 2009

News

MobileCrunch reports:

For the past seven months, jailbreaking (opening an iPhone to applications not signed by Apple for installation) has relied on an exploit dubbed “24kPwn”. We’ll skip the technical voodoo for the sake of not putting you straight to sleep, but here’s the important bit: in the latest batch of iPhone 3GS units to hit the shelves, the exploit has been fixed. Unless a new exploit is discovered (and, with each patch, this is becoming less and less likely), any iPhone 3GS to ship after last week will not be jailbreakable.

If you want the full technical rundown of the exploit, you can find it here. In its simplest form: as with all computers, the iPhone requires something called a “Bootrom” to startup. During the startup process, one stretch of code in the Bootrom fails to ensure that the content being loaded is within a certain size limit. By throwing more instructions at that chunk of code than it’s intended to handle, exploiters are able to make the iPhone do damn near whatever they want; in this case, the jailbreaking process.

Does anyone even really care about jailbreaking a iPhone anymore?  Is the desire for a customizable homescreen really that powerful?

MobileCrunch, though, brings up a good point which might explain why Apple finally decided to patch up the above mentioned exploit.  You see, one of the things that a jailbroken iPhone allows you to do is install pirated iPhone apps and completely bypass the iTunes App Store sandbox, and thereby screw both Apple and affected developers out of any revenue from app sales .  Some iPhone developers, such as Beejive (which develops an IM app for the iPhone) for example, are reporting that up to “80 percent of their users are pirates.”  And for an app that’s priced at $9.99, as BeejiveIM is, that level of piracy ads up real quick and can potentially destroy a developers ability to earn any substantial revenue.

The app store is and will continue to be the key differentiate among all the other mobile app stores, and you can bet your bottom dollar that Apple will do all it can to keep it running like a well-oiled machine.

  Share

, , ,

2 Comments For This Post

  1. Trent Says:

    Did you really just ask this “Does anyone even really care about jailbreaking a iPhone anymore? Is the desire for a customizable homescreen really that powerful?”

    Jailbreak allows much more than just a “customizable homescreen”. It unleashes the real power of the phone. I can’t get over that question?

    Apple will burn millions of dollars if it tries to take up this fight. It all comes down to passion. Think about it. It must be a pain in the butt for an Apple employee to get the assignment to block a jailbreak hack. He doesn’t just have to block the hack but all the while making sure that by doing so he doesn’t screw things up for non-jailbreak folks. And that same Apple employee is probably running a jailbroke iPhone in his pocket. I seriously doubt this person has the passion for closing that vulnerability that jailbreak hackers have for discovering it and opening it up to the world.

    Hackers are passionate about what they do. They love what they do and they look at things like this new bootrom as a challenge. Have you ever been to a hacker convention. The energy is off the charts. These guys are highly intelligent and lets face it, they’re a worldwide community that would probably make Apple’s workforce look like a mom & pop shop in comparison.

    I really think it’s Apple that will be frustrated over time, and with Android, WebOS and dare I say it – Windows Mobile 7 (next year) breathing down Apple’s neck, they will have to become more open to survive.

    There are always vulnerabilities to be exploited…and will always be. My bet is we’ll be seeing another jailbreak exploit discovered in the next few weeks.

  2. Brad Says:

    Good job Trent. You called it, can you say Blackra1n. This author was way off base saying that a jailbreak is nothing but changing the homescreen.

eXTReMe Tracker