Apple fixes JailbreakMe flaws

published 12 August 2010

Apple has plugged the security holes used by the JailbreakMe app to allow non-approved apps to run on iPhones, iPads and iPod Touch devices.

The flaws could have allowed hackers to compromise iPhone devices as well as permitting the use of non-approved services, security experts had warned.

Now the Cupertino giant has fixed the vulnerabilities via a new iOS operating system update, as noted in an Apple advisory.

The updated versions are 4.0.2 for iPhone and iPod Touch, and 3.2.2 for iPad.

"Although we haven't yet seen malicious attacks via the JailbreakMe vulnerability, we recommend to install the patch right away," said Mikko Hypponen, chief research officer at F-Secure.

"This does mean that users who have jailbroken their devices and prefer to keep it that way will have to face the increased likelihood of malicious attacks through this vulnerability," Hyponnen warned in a blog post.

It has subsequently emerged that the creator of the jailbreak exploit has made the source code for breaking through the vulnerabilities public.

Going under the name of comex, the JailbreakMe 2.0 developer revealed on Twitter he had posted the code online.

The Jailbreakme app had garnered some support from parts of the tech community who wanted to use non-approved apps on Apple's devices.

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.

Get the ITPro daily newsletter