iOS 4.2 Update Includes More than 80 Security Fixes, Jailbreak Here

Apple’s new iOS 4.2 update might fix more than 80 security holes in iOS but jailbreakers haven’t even blinked. In fact, Redsn0w 0.9.6b4 is already ready to jailbreak your iOS device. Unfortunately, the iPad is not yet supported for this one. Also, to clear up any confusion, iOS 4.2 is technically version 4.2.1. Details on the jailbreak and the security holes Apple patched up after the break.

Jailbreaks never come out this quickly. Fortunately, the Limera1n exploit developed by hacker Geohot and used by the Redsn0w jailbreaking tool looks to be holding up to its promises. The exploit targets the underlying firmware on iOS devices and not just the system software. In non-nerd speak, until Apple actually redesigns some stuff inside of the iPhone, it can’t stop jailbreakers.

Unfortunately however, the jailbreak is still ‘tethered’ for all newer devices. Also note that if you have your iPhone carrier unlocked through ultrasn0w, don’t use Redsn0w right now since it will update your baseband and render the unlock useless until a new one is developed.

Here’s a quick list of iOS devices that will need to be jailbroken each time you turn them on or restart them:

  • iPhone 3GS (new bootrom)
  • iPhone 4
  • iPad
  • iPod touch 2 (MC model)
  • iPod touch 3 and 4

Here’s which iOS devices are currently supported for an ‘untethered’ jailbreak:

  • iPhone 3GS (old bootrom)
  • iPhone 3G
  • iPod touch 2 (non-MC model)

In case you’re not sure if which bootrom version your iPhone 3GS has or if your iPod touch 2 is an ‘MC’ or not, do a quick Google search to identify your particular model. Apple updates the firmware inside of its iOS devices occasionally while they are still on the market to fix problems and keep jailbreaks out.

After you’ve figured out which device you have and whether or not a ‘tethered’ jailbreak is worth the trade-off between benefits and annoyance, find Redsn0w 0.9.6b4 online and a good guide. The process isn’t the simplest jailbreak designed yet. As always, make sure you backup your device before jailbreaking and keep in mind that the small chance of bricking it always exists if something goes horribly wrong.

So what about those security holes that Apple patched up? Well there are more than 80 of them so pardon me if I don’t go too far into detail. Yeah, I said more than 80. Apple has a policy of not telling anyone about security holes until it has already fixed them and now that iOS 4.2 is here, it has released a list of what it has fixed.

One of my favorite (I know, that’s bad isn’t it?) is a security flaw that lets a remote hacker execute code on the baseband through the “Temporary Mobile Subscriber Identity (TMSI) fields in GSM mobility management.” Now that would have been an interesting carrier unlock had someone actually used it.

Most of these exploits are directed towards the Webkit components in Apple’s Safari Mobile browser. Lots and lots of security holes there that have been around since iOS 2. For a full list, check out support.apple.com/kb/HT4456. Pretty interesting huh? So much for iPhone fan boys bragging about how much more secure iOS is than Android.

“***UPDATE: The RedmondPie is warning iPhone owners who rely on a carrier unlock for service with a network other than AT&T to “stay away” from Apple’s latest iOS update. iOS 4.2, 4.2.1 technically, will refuse to boot on an iPhone without the latest baseband version because Apple now actually checks to see if you actually updated it. Apple could have done this a long time ago. Why now? Maybe those marginalized T-Mobile iPhone rumors have some truth to them after all.”

Tags: , , , ,