Bad News: iOS 4.3.4 Permanently Kills the 4.3 Untethered Jailbreak

Apple has begun to step up its game with patching jailbreak exploits in iOS. When Comex’s PDF exploit was used in the latest version of JailbreakMe, Apple pushed out iOS 4.3.4 about two weeks later to combat the security hole.

Jailbreakers on 4.3.3 (4.2.9 for the Verizon iPhone) can stay on their current firmware to keep their untether, but the bad news is that Apple actually patched the untethered exploit that’s been used by jailbreakers since iOS 4.1.

The hacker responsible for the original untether in iOS 4.3, i0n1c, explained on Twitter that Apple did more than just patch the PDF vulnerability used by JailbreakMe in iOS 4.3.4. The “incomplete codesigning attacks” used by all untether exploits since iOS 4.1 have also been blocked.

“For those that did not get it: iOS 4.3.4 does not only fix jbme3 as announced, but also silently kills the ndrv_setspec() integer overflow.

In addition to that iOS 4.3.4 also adds code to dyld to detect attacks with binaries using “incomplete code signing”.

“Incomplete codesigning attacks” were used for all untether exploits from at least iOS 4.1.0

Wonder if {Apple] only tried to stop my xploit from modifying LCs at runtime with the new check, or if they knew it would stop [incomplete codesigning] attacks.”

The untethered jailbreak distributed for iOS 4.3.x by tools like RedSn0w, PwnageTool and Sn0wBreeze is no longer usable exploitable. This doesn’t mean that another untethered exploit won’t be uncovered, but it’s a sure sign that Apple means business.

iOS 5 is a couple months away from its public launch, and we’re sure that the Dev and Chronic Dev teams are already looking at the beta SDK to uncover exploits for a future jailbreak.

Does this news about Apple patching the iOS 4.3.x untether scare you? Or do you have faith that jailbreak devs will continue to find a way around Apple’s restrictions?