Bad News: iOS 4.3.4 Permanently Kills the 4.3 Untethered Jailbreak

By , Jul 17, 2011

Apple has begun to step up its game with patching jailbreak exploits in iOS. When Comex’s PDF exploit was used in the latest version of JailbreakMe, Apple pushed out iOS 4.3.4 about two weeks later to combat the security hole.

Jailbreakers on 4.3.3 (4.2.9 for the Verizon iPhone) can stay on their current firmware to keep their untether, but the bad news is that Apple actually patched the untethered exploit that’s been used by jailbreakers since iOS 4.1.

The hacker responsible for the original untether in iOS 4.3, i0n1c, explained on Twitter that Apple did more than just patch the PDF vulnerability used by JailbreakMe in iOS 4.3.4. The “incomplete codesigning attacks” used by all untether exploits since iOS 4.1 have also been blocked.

“For those that did not get it: iOS 4.3.4 does not only fix jbme3 as announced, but also silently kills the ndrv_setspec() integer overflow.

In addition to that iOS 4.3.4 also adds code to dyld to detect attacks with binaries using “incomplete code signing”.

“Incomplete codesigning attacks” were used for all untether exploits from at least iOS 4.1.0

Wonder if [Apple] only tried to stop my xploit from modifying LCs at runtime with the new check, or if they knew it would stop [incomplete codesigning] attacks.”

The untethered jailbreak distributed for iOS 4.3.x by tools like RedSn0w, PwnageTool and Sn0wBreeze is no longer usable. This doesn’t mean that another untethered exploit won’t be uncovered, but it’s a sure sign that Apple means business.

iOS 5 is a couple months away from its public launch, and we’re sure that the Dev and Chronic Dev teams are already looking at the beta SDK to uncover exploits for a future jailbreak.

Does this news about Apple patching the iOS 4.3.x untether scare you? Or do you have faith that jailbreak devs will continue to find a way around Apple’s restrictions?

[TiPB]

  • Saltb0x

    scares me :'(

    • Mikey

      It didn’t scare me the chronic will find a way cause they found a way with the iPad 2 but it just might take some time though

      • SimonOrJ

        They’ll find another way with the future iPad 3, iPod Touch 5G, and iPhone 5G at all. They rock!

    • Geek

      Bad ass apple… HIRE THE JAILBREAKERS TO WRITE YOU IOS!!!

  • Christopher

    I just read this on another blog and people are already crying about how they updated by mistake and want an untethered jailbreak for 4.3.4, seriously, any hacker who potentially found a new hole to exploit would be so thick to waste on 4.3.4. People will just have to wait now until ios 5, that’s the logical thing to focus on but then there are always simple people who update “by mistake” lol and want a jailbreak now now now!

  • http://israblog.nana10.co.il/blogread.asp?blog=747869 Max

    Jailbreaking won’t stop, it may only slow down!! it has happened a few times when we were waiting for months for a jailbreak, but they always happened in the end, Apple won’t stop people that want to control their devices like they deserve :)

  • Juan

    Alex, help me understand this…

    I understand that ndrv_setspec() integer overflow has been patched. But what does this have to do with versions of iOS 4.3.3 and older? Are you suggesting Apple is going back to all previous version to patch them? It just doesn’t make any sense.

    I think you’ve misunderstood i0n1c. “Incomplete codesigning attacks” has been used since 4.1 does not suggest that earlier versions can no longer be jailbroken using pwnage tool, etc. Sounds like i0n1c was just saying that as an FYI.

    Now what your post does suggest is “Incomplete codesigning attacks” cannot be used starting with iOS 4.3.4…

    I’d honestly like to know how you concluded -> “The “incomplete codesigning attacks” used by all untether exploits since iOS 4.1 have also been blocked.”

    • Christopher

      I can’t see how Apple could patch anything but the current ios as most people actually already have a copy of the respective firmware they use in conjunction with their shsh so unless Apple have somehow crept into my house and patched my firmware files lol I think we are safe.

    • http://www.idownloadblog.com Alex

      No, the jailbreaks for the previous firmwares of course remain available because Apple can’t go back and update its already-released firmware versions. i0n1c’s untethered exploit from 4.3.x being blocked means the same exploit that was used on previous firmwares is no longer usable. It’s been “blocked” by Apple, but Apple can’t block previous firmwares for users that have SHSH blobs saved.

      • Massie

        One thing I’m still unclear on is the status of older firmwares that are still hosted on Apple’s servers. For instance, did they patch the FW used for 3G models, which I think stopped at 4.2.1 or so.

        Obviously the original releases can be found elsewhere, but I’m curious about how hard a line Apple will take with older firmwares.

      • Juan

        Alex, your post title does not reflect that notion. What this article should say is that untether for 4.3.4 and beyond is currently patched… until a new exploit is uncovered. You really do make it sound like all jailbreaks for 4.3 are tethered now.

  • Juan

    btw, I may also be misunderstanding so if I am, my apologies. but I’m interested in how 4.3.4 patches even previous versions….

  • MrChris

    If there’s a will there’s a way! And the Dev Team has the will, so that means the “way” is just around the corner!

  • http://Www.chinch.com iJack

    I dno why but the safari on my iPad 2 is crashing, it could be due to JBme but the safari crashes once every now and then
    Also I’m getting “API unavailable” in installous for the apps, and installous on my iPhone 4 keeps crashing now and then, I jail broke it yesterday using JBme
    Any help appreciated, thanks

    • rdqronos

      Dude, Installous is illegal. Don’t use it.
      Besides that, Safari crashing could be due to Jailbreakme. I’d recommend a restore, but seeing as 4.3.4 blocks the exploit (and you can’t downgrade unless you’re on an iPad 2 Wi-Fi) you really can’t… just live with it

    • Hiral

      i experienced that too. but the only thing you can do is restore it (assuming you have SHSH BLOBS saved) and jailbreak it with redsn0w. follow these steps :
      1) don’t sync apps with itunes.. just download it on your iphone
      1) jailbreak it
      2) install Apple sync first from cydia.hackulo.us and reboot
      3) install installous 4
      4) download a free app from App Store
      5) now use installous should work fine

      hope it works for you :D

  • Frankie

    is it mandatory to upgrade to 4.3.4??

    i will advise anyone to stick with 4.3.3…

    • SimonOrJ

      The only difference between iOS 4.3.3 and iOS 4.3.4 is that PDF patching(?)… So you can say it’s unnecessary to upgrade to iOS 4.3.4.

  • Dustin

    This doesn’t scare ‘me’ because I did not update to iOS 4.3.4. Sure Apple patched It, but I’m sure the dev team will find a way to exploit the Firmware.

    For those who ‘accidentally’ updated, you can downgrade your Firmware by using TinyUmbrella or iFaith, that unless you saved your SHSH blobs.

    • soccerkrzy

      The dev team will not be working on 4.3.4, they’re focused on iOS 5

  • http://www.twitter.com/appleradar AppleRadar

    If you’re concerned about the exploit just search PDF Patcher 2 in Cydia and you’re good until iOS 5.

  • DeltaJB

    Lol just stick with 4.3.3 for now,, sure last year no one would update to 4.0.2 as the same issue lol just wait for time to pass and we’ll be grand

  • Francesco

    Nah it doesn’t scare me… cz I have SHSH saved from 4.1-4.3.3 ipod touch :) so I can downgrade upgrade with no problem :) idk if apple fucks us over……DEV TEAM ALL THE WAY THEY WILL FIND A WAY ……. THEY ALWAYS DOOO……… :)

    • Techno709

      good man 8)

  • Louis

    I don’t really understand this. Can someone please explain this to me in plain English. That would be much appreciated :D

    • Ernesto

      Let’s say iOS is a house and no one can get out. Except the owners. So, the owners are away from the house and they set up a security system around the house while they’re gone. Well, this house was named “4.1.0” by its owners and it has a very high security alarm around it. However, smart people were able to disable part of this security and they were allowing “people” (by people I mean software) in the house that were not allowed in by the owners. But the owners were out of the country and they couldn’t do anything to the house until they got back. They only knew the house was being attacked. So, they sent a couple smaller updates to their security until they got back. When these updates were sent they renamed their house to “4.2.0” “4.3.0” and others as u may know. These updates were pointless and a waste of money because smart people could easily break their security code. Well, when the owners got back they decided to get a completely new security system. and when they did they figured out the hole the smart people were digging underground… So they buried it. And now they decided to call their home 4.3.4. But the people inside have no clue what’s going on to the outside. So they still haven’t received the security updates.

  • http://www.benjamin.com benjamin

    I’m looking for iphone unlock

  • http://www.benjamin.com benjamin

    I was trying to jailbreak ios 4.3.4 using software I bought from unlockiphoned.com but it can only jailbreak not unlock can anybody here help me?

    • Christopher

      There isn’t an unlock for earlier basebands associated with lower firmwares, what makes you think there would be anything for 4.3.4 haha, so you have basically paid to have your phone jailbroke tethered when you could have done that for free, unlucky lol

    • sofakingstoked

      Just purchase a Gevey Pro SIM card and you can use your phone with any GSM carrier. The fact that you updated to 4.3.4 won’t matter, the Gevey unlocks any IOS version on iPhone 4. Make sure it’s the Gevey Pro only, it’s the only one that works.

    • SimonOrJ

      I think you did a crazy thing by buying a software… The information about Unlocking your iPhone is at:
      http://www.idownloadblog.com/unlock/ (Unlock tab on the top of page)

  • kokhean

    I have SHSH blobs saved from 3.1.3 till 4.3.4 and I have the new bootrom 3GS. With the limera1n exploit, nothing is impossible.

  • petty

    okay im a chick and not computer savvy and i just downloaded the 4.3.4 upgrade on my ipad and have wanted to jailbreak for ages, DOH i didnt know about Jailbreakme man a chick like me could have used that!!! okay so i have an iphone 4 and its still running 4.2.1 when i go to jailbreakme there is no free button to click to install im guessing cause i needed a 4.3 ios not 4.2? do you think jailbreakme will be back in the future or has the patch foiled that easy way of jailbreaking?

    • James

      JailBreakMe isn’t compatible with 4.2.1, yet! .. You can use GreenPois0n to jailbreak 4.2.1 or if you want to use JailBreakMe and you have your shsh blobs saved for 4.3.3 you could use it.

    • re:petty

      Jailbreakme just works on iOS 4.3.3 (as we speak), since you already updated your iPad to 4.3.4, try to downgrade to 4.3.3. As for your iphone 4, either upgrade to 4.3.3 and use jailbreakme or use redsnow to jailbreak on 4.2.x.
      On a last note, I heard apple is still signing 4.3.3, so go to the download section and download 4.3.3 to your idevice, because if you go to itunes and press update, they will update you to 4.3.4 where you cant jailbreak afterwards.
      Hope I helped

  • James

    Even if they did, they would be more retarded than the guy who leaked JailBreakMe, to waste an untethered exploit on 4.3.4 when IOS 5 is only 2 months away. People will just have to make do without 1 if they are unlucky enough.

  • Kristen

    Can somebody help me my apps in installous keeps saying API error is it anyway to fix this??

    • kokhean

      Yes. Purchase the apps from the App Store.

  • jeff

    name 1 piece of hardware that was ever locked down forever. OSX? nope. Xbox? nope

  • Age

    I’m on 4.2.1 JB Greenpoison and want to upgrade to 4.3.3 and then re-jailbreak, what is the best way to do this? Is it best to do an upgrade to 4.3.4 then downgrade to 4.3.3 as I have my blobs saved, will a JB work for 4.3.3 if I do this? Or is there a way to go from 4.2.1 to 4.3.3 without going to 4.3.4? thank you in advance

    • SimonOrJ

      If apple still signs iOS 4.3.3, then there’s a hope.

  • Mattia

    Actually i think that apple should just accept that most of the iPhone users do jailbreak their iPhones. Apple is wasting their time on trying to make a firmware unjailbreakble because there’s no way jailbreaking community always finds a way :D

  • SimonOrJ

    Guys, you guys’ll be fortunate if Apple still signs iOS 4.3.3 cause they did when I was upgrading from 4.3.1 to 4.3.3 after 4.3.4 came out… um, 3 days ago.

    I’m sure there will be hope for Untethered Jailbreak on iOS 5 at least!

  • John

    …is it me or did everyone forget about shatter??? Why do we need to be scared when we have that waiting for iPhone 4(s)/(5)??

    Got heeeeeem

  • Age

    Can I go from 4.2.1 to 4.3.3 without going to 4.3.4. I have my blobs for 4.3.3 :)

  • http://www.reverbnation.com/assatamanagementmusic trajidy

    i have a iphone 4 (verizon) i had the phone jail broken 4 days ago and it was working dope, even found a way to use my phone as a free hot spot as i was paying 30$ a month extra to do that, smh. Well long story short im one the idiots who isnt computer savvy and i updated my phone, lost my jail break,etc. Restored it and now its on ios 4.2.9. can anyone help a brotha out, need this damn phone jail broke please and thanx- TRAJIDY ‘The Lost Poet’

  • Brandon

    I have all SHSH Blobs since 3.1.1! If you want one, email me, I have all iDevices including AppleTV!

  • http://www.reverbnation.com/assatamanagementmusic trajidy

    @brandon whats ya email?

  • http://www.reverbnation.com/assatamanagementmusic trajidy

    @brandon my email deondadams@yahoo.com i have a verizon iphone

  • Ehhh

    @ the two Guyana above

    The shsh blobs are different for every iPhone/iPod (they are individual)

  • MY05GLI

    be prepared to carry some sort of Tethered Booting Device like a portable battery charger.

  • http://www.reverbnation.com/assatamanagementmusic trajidy

    currently have my iphone jail broken (untethered) leggooo look at me, oh look at me now , oh, lol

    • Hey-u

      @tragedy how did u do it?