iOS 4.2.1 closes a number of holes, but has already been hacked
With version 4.2.1 of its iOS mobile operating system, Apple has not only added some new functions to its range of mobile devices, but also closed a number of security holes. According to Apple, attackers were able to use more than 40 of them to inject and execute malicious code on a victim's device. Most of the vulnerabilities are in Safari's WebKit-based browser engine, which means that victims need only visit a specially crafted web site to be infected with malware in a variety of ways. Another hole, now closed, was in the display of iAd advertisements and allowed attackers within the local network to initiate calls. Under certain conditions, a security flaw in the Photos app allowed attackers to get access to MobileMe access data.
In contrast, Apple is powerless against the Limera1n exploit. Apple will probably only be able to remedy the hole in the boot ROM, which the hacker Geohot discovered and uses in his jailbreak tool, by adding a new boot ROM to future devices. As the iPhone Dev Team reports, iPhone 3G, 3GS and older second-generation iPod touch devices can be jailbroken in the usual manner after the update to iOS 4.2.1. The group is currently working on tools to jailbreak more recent models. At the moment, devices such as the iPad and iPhone 4 with iOS 4.2.1 can be unlocked, but the modification is not permanent. The device has to be reconnected to a computer (tethered jailbreak) to launch the jailbreak mode after every reboot, such as when the battery is completely drained. The Cydia package manager also only runs with modifications, making it hardly worthwhile to jailbreak current devices.
- About the security content of iOS 4.2, security advisory from Apple.
- Main component of latest iPhone jailbreaking code released, a report from The H.