[tarabukka]

iOS has a jailbreak for every single version. Some have even used a variety of exploits to do this straight from the web. Apple have no magic up their sleeve that makes iOS 'more secure'; they are running on a normal CPU with a normal kernel. Apple users are more proactive in updating because they're nagged by the interface they're forced to use (iTunes) to update.

[runjake]

> iOS has a jailbreak for every single version.

This is absolutely untrue [1] and frankly, you have no clue what you are talking about. Please leave your platform cheerleading at the door.

iOS 6.x can be jailbroken on some older devices because the hardware is pwned. This is "Once I have physical access, I own the whole castle" in practice.

But the latest versions of iOS still haven't been broken on the 4S (which isn't owned hardware-wise), 5, iPad 2, iPad 3, iPad 4, iPad Mini.

IOW, the last two generations of iOS devices.

And when a version is jailbroken, Apple patches it pretty quickly -- thereby closing that vulnerability to malicious attackers.

> Apple have no magic up their sleeve that makes iOS 'more secure'

Actually, they have a range of security technologies that make iOS more secure. [2]

> Apple users are more proactive in updating because they're nagged by the interface they're forced to use (iTunes) to update.

I don't get nagged. I get a popup, which I can dismiss. And I get a little red 1 on my Settings icon. I am not nagged. But to tell the truth, I wish Apple would follow Android's suit and make it nag the living hell out of you. That would get more iOS users to stay current. But studies show they keep pretty current anyway and I'm not sure why it works so well, to be honest.

1.http://www.jailbrea.kr/

2. http://images.apple.com/ipad/business/docs/iOS_Security_May1...

[tarabukka]

>Please leave your platform cheerleading at the door.

And then you link me to an Apple security document that basically says (but in Apple style) "we encrypt a lot of stuff and use standard kernel-level security".

[runjake]

If it's "standard", why is Google not doing it/doing it half-assed with Android? I think that's my entire point, which you continue to ignore.

I don't know of an Android version on any device that isn't rooted. There might be a few in the small minority, though. Most every bootloader, with the exception of several Motorola bootloaders, has been cracked/unlocked, etc.

[gmac]

Apple users are more proactive in updating because they're nagged by the interface they're forced to use (iTunes) to update.

The reason doesn't matter here, does it?

It's also because updates are certain to be available for several years after a device's launch. Unlike some Android handsets, for which support is quickly abandoned.

[Tloewald]

Jailbreaking is generally voluntary on the user's part. Correct me if I'm wrong but insofar as you could jailbreak an ios device by visiting a url that would be an epic zero day exploit. Apple's secret is not allowing you to download and execute code from random websites. Oh, and memory protection.

[tarabukka]

The exploit used in comex's jailbreakme was just a PDF vulnerability. Sliding the "slide to jailbreak" simply loaded the correct PDF with some JavaScript; it wasn't actually needed.

Memory protection? That's a basic feature of a kernel? Are we talking about each platform's ability for native code to mmap() executable memory or something?

[runjake]

I think he's talking about stuff like ASLR, which didn't even begin to approach robustness until Android 4.1. iOS has had the jump (pun intended) on that for a while.

[Tloewald]

The original article concerns a bypass of application address space.