Security Consultant to Unveil New Jailbreak Process Next Week

Security consultant Stefan Esser is set to unveil a new jailbreak method and utility that fortifies iDevices with ASLR, according to the Register.

Esser will present his new jailbreak process at the Power of Community Security Conference on December 14 in Seoul, South Korea. A new tool called "Antid0te" will simplify the procedure.

ASLR makes a device more resistant to malware by randomizing the memory addresses at which code is loaded, so injected exploit code cannot rely on known locations.

"When you jailbreak it, it breaks a lot of security of a normal iPhone," hacker Charlie Miller told The Reg. "With Stefan's stuff, now maybe it's an option, if you're a security-conscious person, to still jailbreak your phone because you can pick up ASLR, which is going to make it a lot harder to do exploits."

"This enables users with jailbroken iPhones to create their own set of dyld_shared_cache files that have completely different library load addresses from every other iPhone in the world," Esser wrote in an email. "This is already a better ASLR than what exists on Snow Leopard because different applications can use different shared caches and therefore different load addresses."
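To make the mechanism in Esser's description concrete, here is a toy model written for this article (it is not code from Antid0te or from Esser): a stock cache places every library at the same address on every device, while a per-device cache gives each library its own random page-aligned slot, so an address learned from one device no longer resolves to the same code on another. The library names, sizes, base address and randomization window are constructed values, not real iOS layout.

```python
import math
import random
from dataclasses import dataclass
PAGE = 0x1000  # load addresses are page-aligned (4 KiB pages in this model)
@dataclass(frozen=True)
class Library:
    name: str
    size: int  # bytes, a multiple of PAGE
# Constructed sample: three stand-in libraries for a toy shared cache.
SAMPLE_LIBS = (Library("libSystem", 0x40000), Library("CoreFoundation", 0x80000),
               Library("Foundation", 0x60000))

def stock_layout(libs, base=0x30000000):
    """Stock cache: packed back to back from a fixed base, identical on every device."""
    layout, cursor = {}, base
    for lib in libs:
        layout[lib.name] = cursor
        cursor += lib.size
    return layout

def randomized_layout(libs, rng, base=0x30000000, window=0x10000000):
    """Per-device cache: each library at its own random, page-aligned, non-overlapping slot."""
    layout, taken = {}, []
    for lib in libs:
        while True:  # retry until the slot does not overlap an earlier library
            addr = base + rng.randrange((window - lib.size) // PAGE) * PAGE
            if all(addr + lib.size <= s or addr >= e for s, e in taken):
                break
        layout[lib.name] = addr
        taken.append((addr, addr + lib.size))
    return layout

def device_layout(seed):  # one device's cache, seeded so a run can be reproduced
    return randomized_layout(SAMPLE_LIBS, random.Random(seed))

def resolve(layout, libs, address):
    """Map an absolute address to (library, offset), or None if unmapped."""
    for lib in libs:
        start = layout[lib.name]
        if start <= address < start + lib.size:
            return lib.name, address - start
    return None

def slide_bits(lib, window=0x10000000):
    """Entropy, in bits, of one library's placement in this model."""
    return math.log2((window - lib.size) // PAGE)

def hardcoded_address_survives(libs, device, lib_name, offset):
    """Does an address taken from the stock layout still reach the same code on this device?"""
    return resolve(device, libs, stock_layout(libs)[lib_name] + offset) == (lib_name, offset)
```

With the stock layout every device answers True; with a per-device layout the same hard-coded address lands on unmapped memory or on a different library almost every time, and `slide_bits` gives the per-library entropy the model provides.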

We'll keep you up to date with more information as it develops...

Jay Freeman (saurik) - December 11, 2010 at 11:13pm
This has absolutely nothing to do with the jailbreak tool involved: creating and specifying the usage of dyld cache files does not require kernel patches or any access to the system above and beyond a userland program. There is absolutely no reason why this "new process" isn't just a package you can download and install on your already jailbroken tool other than vanity. Charlie should be ashamed of himself for continuing to perpetuate this FUD.
Jay Freeman (saurik) - December 11, 2010 at 11:22pm
"already jailbroken tool" -> "already jailbroken phone". Also, another commenter, not as a top-level comment but as a reply to another, has stated this isn't a jailbreak method at all, so this article may simply be misleading. (Regardless, I would love if Charlie explained how jailbreaking a phone opened up as many security issues as he likes to claim it does. From my understanding of the kernel patches involved and what is disabled, you aren't much better off than on a stock phone as far as exploits are concerned. Meanwhile, your ability to install security tools like this address space randomizer and your ability to patch outstanding exploits (Apple /still/ hasn't released a PDF security update for the original iPhone and never will: to be safe you /must/ jailbreak) mean that it should be pointed out that the reality is that jailbroken phones tend to be on the forefront of security.)
curiositykilledthecat - December 10, 2010 at 5:04am
I'm no programming wiz but... shouldn't you keep your cards closed so that Apple won't try to patch up your exploit before its actual release?
Micked - December 10, 2010 at 6:22am
Nothing in the text says what he found and how he is going to do it.
hippoMan - December 11, 2010 at 12:57am
It just means that jailbroken iPhones will become more secure than non-jailbroken phones... but if Apple implements this in an update it could backfire and make the hunting for exploits even harder.