Just one day ago, Apple released iOS 4.3.4 for the iPhone, iPad and iPod touch. The stated reason was to patch a security vulnerability that put millions of iOS devices at risk. Apple didn’t stop at that vulnerability, though: it also patched the untethered jailbreak exploits that had been used to jailbreak iOS untethered up to iOS 4.3.3.
First, let’s understand what JailbreakMe was all about, and why it compelled Apple to release iOS 4.3.4. Comex discovered a vulnerability in iOS Safari that allowed root access to the device. A PDF exploit was developed that allowed a faster jailbreak on supported iOS devices, particularly the iPad 2, which cannot be jailbroken using any other method. Comex then released PDF Patcher 2 to close this vulnerability once the jailbreak had been done; PDF Patcher 2 also retains that jailbreak. It was evident that Apple would release a firmware upgrade to officially patch this vulnerability, and so it did. Enter iOS 4.3.4, which not only patches the vulnerability in mobile Safari, but also makes you lose the jailbreak. iPad 2 jailbreakers are definitely not happy. As for Comex, he’s back to the drawing board.
That’s not all iOS 4.3.4 does, however. Although it brings nothing new apart from fixes and patches, it does patch two earlier exploits that had been used to jailbreak iOS firmware tethered since the long-gone days of iOS 4.1.0. Stefan Esser has explained the situation in detail in his tweets:
“Incomplete codesigning attacks” were used for all untether exploits from at least iOS 4.1.0
In addition to that, iOS 4.3.4 also adds code to dyld to detect attacks with binaries using “incomplete codesigning”
For those that did not get it: iOS 4.3.4 does not only fix jbme3 as announced, but also silently kills the ndrv_setspec() integer overflow.
If you’re still in the dark, please note that no iOS 4.3.4 untethered jailbreak is going to come out any time soon. These two very important untethered exploits have now been patched, further confirming our fears that jailbreaking the next iOS firmware is going to be hard. For now we can only suggest that you save your iOS SHSH blobs and stick with an iOS 4.3.3 untethered jailbreak. Yes, we know that you can jailbreak iOS 4.3.4 using redsn0w, but the fact remains that it’s a tethered jailbreak, and not everyone is comfortable with hooking their device up to a computer every time it needs a reboot. For many jailbreakers, an untethered jailbreak is a must.
We’ll keep updating you as we hear more on iOS 4.3.4 untethered jailbreak. Stay tuned!