Blobs are fetched, IPSWs Downloaded, iDevices Backed Up! Now the wait for the latest public jailbreak continues. The latest team includes @pimskeks, @planetbeing, @pod2g, and of course @MuscleNerd. Supposed to drop early tomorrow, but some suspected (myself included) that it might get released on “Funday.”
This jailbreak will support EVERY iPod Touch, iPhone, iPad, or iPad Mini running iOS 6.0-6.1. No doubt that atv2 support will come quickly after. No news yet about atv3.
Official Evad3rs Site
Another Java privilege escalation exploit spotted in the wild. Trojans and web based java classes are already installing remote access tunnels into Macs across the globe. Apple finally updated their java binaries and you should too! Protect yourself! Just run Software Update from the Apple menu.
Apple Info:
http://support.apple.com/kb/HT5228
More info (including a AppleScript test for infection):
http://mashable.com/2012/04/05/mac-flashback-trojan-check/
This is Deja Vu of an attack from years ago where RAM was accessed from the firewire buss. This study published back in Sept 2011 (that i am late to discover) revisits this attack on Lion. Security researchers from frameloss published the specifics on an attack and how to avoid it. Learn how your password could be extracted from your computer’s memory via your firewire port. Even when you thought it was locked! Even with FileVault!
Mostly you must turn off fast user switching, and activate a feature that dumps the password for added security. read all about it here. . .
He passed his double exploit untether to both the chronic Dev team and the iPhone Dev team and today we receive the bounty. this untether relies on the linera1n exploited published by Geohot and therefore is only available on devices previously tethered. In other words no iPad 2 or iPhone 4s yet.
The iPhone-dev team has announced iPhone 4 jailbreak thanks to another user land exploit from @comex. This is good news for all 4.0 devices although no release date has been given. I am sure that there is much work yet to be done.
@_snagg and @esizkur discovered a safari exploit! does this mean the return of jailbreakme.com? this effects ALL touch devices and is present in 3.1.3! this is one that will effect all users, jailbroken or not. They presented this year at #cansecwest’s pwn2own.
UPDATE
It seems that this is not a root exploit, they bypassed code signing using return-oriented programming. That is still pretty neat, but it means my hopes for jailbreakme.com’s return are all but dashed.
more info: http://www.theregister.co.uk/2010/03/25/pwn2own_2010_day_one/