Is Apple hurting iPhone security?

November 9, 2007

TUAW is reporting that the iPod Touch version 1.1.2 has been jailbroken before its official release.

(Note: I am assuming this means that the iPhone version 1.1.2 has been jailbroken too, although that remains speculation at this point. I will use iPhone to refer to both products throughout the rest of this article.)

The official release was today, although the firmware file was apparently available last night.

Now I’m not a programmer, but I have observed a lot about iPhone development. When 1.1.1 came out, it took a (relatively) long time before someone cracked it. And they did so by finding a flaw (a buffer overflow) which everyone knew would be fixed in 1.1.2.

About a week or so ago, a website (jailbreakme.com/) was set up which made jailbreaking an iPhone as easy as surfing to a website.

When asked about the wisdom of this, the developer’s response was interesting. Quoting Erica Sadun:

He replied that the team has built the new version of AppSnapp so that “once we find another way in, the resulting payload will work with no changes.” Good news for anyone who wants a great way to customize their system with minimal headaches! He also expressed hope “that Apple will stop this cat and mouse game and do the right thing come February.”

When I read that I wondered if they had already found another way in. Seeing how fast they’ve broken 1.1.2, I believe it even more.

One of two things happened: a) within a few hours of its release, developers found a flaw in 1.1.2 (after spending quite a long time trying to break into 1.1.1), or b) they already had a way and kept it to themselves to see if it would still work in 1.1.1.

Apple may be making the iPhone less secure by their actions. Normally when someone finds a bug, especially something as serious as a buffer overflow, they will report it so that it can get fixed in the next release. Apple has created a disincentive to report these bugs to them. Instead, it is much more likely that these bugs will be reported to (if not, in fact, discovered by) a group of nameless hackers out there.

It reminded me of an article I read (can’t find a reference to it now, sorry) about one of the new DRM schemes for either HD DVD or Blu-ray discs. There was a well-known crack in circulation, which was then patched by the vendor. As soon as the new version was announced, SlySoft, makers of AnyDVD, announced they had found another hole in the DRM scheme. That gave them 90 days to exploit it, because the DRM company had agreed not to post updates any more frequently than that.

Apple is not likely to release 1.1.3 soon on the heels of 1.1.2 to patch whatever hole was discovered by the iPhone DevTeam. Which means that the vast majority of iPhones are going to be vulnerable to whatever exploit is being used to jailbreak them. (The 1.1.1 exploit was actually fixed by the AppSnapp folks after they used it to put their installer on your machine, putting users in the odd position of being more secure if they had added unauthorized 3rd party applications to their iPhone.)

Some may feel that these developers should be reporting the bugs to Apple, but Apple has painted themselves into this corner by making this an us-vs-them situation where they want absolute, total control over the iPhone. If Apple wants a cat and mouse game, they can’t complain when the mouse outsmarts them. The real loser, however, is the average iPhone user who doesn’t want to jailbreak their phone (or, most likely, would have no idea what it means) and who is using a phone with more bugs in it because of Apple’s obsessive control issues.
