NEWS FROM THE LAB - Wednesday, August 11, 2010

Apple Patches the JailbreakMe Vulnerability Posted by Mikko @ 20:04 GMT

Apple has today patched the JailbreakMe vulnerability. This was done via a new iOS operating system update.

The new operating system versions are 4.0.2 for iPhone and iPod Touch and 3.2.2 for iPad.

Installing the new operating system version is not mandatory. However, it is offered to all iPhone users as they connect their handset to their computers.

iOS 4.0.2

The operating systems are also available for direct download from these locations (about 300MB each):

  •  iOS 4.0.2 for iPhone 4
  •  iOS 4.0.2 for iPhone 3GS
  •  iOS 3.2.2 for iPad

Although we haven't yet seen malicious attacks via the JailbreakMe vulnerability, we recommend to install the patch right away.

This does mean that users who have jailbroken their devices and prefer to keep it that way will have to face the increased likelihood of malicious attacks through this vulnerability.

We recommend that all iOS users, including those who have jailbroken their devices, would install the latest update now.

More details on what was patched is available from Apple.

Updated to add: Jay Freeman (Saurik) has made an unofficial patch for one (CVE-2010-1797) of the two vulnerabilities patched by Apple. It's available for Jailbroken devices via Cydia, and will work also on the older devices that have not yet received any updates from Apple.