Hacker News
by tptacek 2177 days ago
That's right, which is why we called it "jailbreaking" in the 1990s when someone got mad at you on IRC and jailbroke your machine and stole your mail spool. I mean, jailbroke your mail spool.

I take your point, which is that jailbreaking is good if what you want is to run random unapproved code on your machine. But you didn't seriously engage with the comment you rebutted, because it is also true that jailbreak prevention prevents persistent kernel compromise --- is in fact a predicate for preventing persistent kernel compromise --- which is a thing that really does happen; in fact, it's far more relevant to the overwhelming majority of Apple users than running unapproved code is.


I don't really have the same opinion on this; I consider the obscurity of the platform a security issue by itself. At the end of the day, remote jailbreak exploits are pretty rare nowadays so you need to have real access to the machine.

To have an idea if an app is sharing your data you need to be jailbroken, to have an idea of what is being sent from your device you need to be jailbroken, to force a stricter control on apps you also need to be jailbroken. I mean, you get the point. Any action you could do regarding security requires you to be jailbroken first.

We're discussing this on a story about an untethered jailbreak --- a kernel RCE.
Yes, that's true indeed, I was talking in general. Maybe having a more open device would help get security fixes faster? One of the main reasons this exploit was heavily obfuscated was to keep Apple from patching it.
I would doubt that. More likely, it was to keep the script kiddies away. (There’s currently drama going on in the community right now about stolen code…not that this is anything new :/)
This is neither untethered nor RCE.
Intentionally jailbreaking your phone isn't untethered or RCE. But this particular jailbreak could be combined with an RCE in any application running on the device in order to compromise the system.
No disagreement that a separate, unrelated remote RCE would indeed be a remote RCE. This is still a tethered LPE.
Tethered, not untethered. There hasn’t been a tethered jailbreak in quite a while.