Bootrom

iPhone 3GS untethered bootrom exploit released

Today saw the release of a new bootrom exploit for the iPhone 3GS, an unpatchable vulnerability which gives jailbreakers total control of this device forever.

Although the iPhone 3GS is now very much a legacy device and few users will be actively using them, the rarity of a bootrom exploit makes it worthy of note. There have been no publicly released exploits of this kind since limera1n, which supported only up to the iPhone 4.

MuscleNerd: no A5+ bootrom exploit

For those of you holding out hope that a bootrom exploit has been discovered for newer iOS devices, you're going to have to keep hoping. That's because famed iOS hacker MuscleNerd has confirmed that no A5+ bootrom exploit exists. A bootrom exploit is extremely desirable because it means the device could be permanently susceptible to a tethered jailbreak, much in the same vein as limera1n for pre-A5 devices.

RedSn0w 0.9.15b2 released to add fixes for 3GS and iPad owners

The iPhone Dev Team has released RedSn0w 0.9.15b2, which fixes a few items for owners of older devices.

The most outstanding fix is for 3GS owners with old bootroms — RedSn0w 0.9.15b2 brings back untethered jailbreak support for end users who fall into that category.

Most of the changes don't pertain to owners of newer devices, but it's always a good idea to ensure that you're running the latest and greatest version anyway. Take a look inside for the full release notes.

No Untethered Jailbreak Coming Until iOS 5

If you are currently jailbroken on iOS 4.3.5, we have some bad news. There is going to be no untethered jailbreak until iOS 5 is released. This is because the various jailbreak teams are saving their exploits for iOS 5. They could release an untethered jailbreak right now, but then it would take longer to find an exploit for iOS 5...

Hacker Finds New Exploit to Jailbreak iOS 4.1

Well well well. Here is some good news coming from MuscleNerd and co about a new exploit found by a hacker who goes by the name of pod2g. Apparently, pod2g found a bootrom exploit in iOS 4.0.1.

Why should we care about 4.0.1, I hear you saying? Since it's a bootrom exploit, it means Apple cannot patch the exploit with a software update. The only way to patch the hole would require a hardware modification. In other words, Apple won't be able to prevent us from jailbreaking until the iPhone 5 comes out.

How to Check Your iPhone Bootrom Version

The latest version of PwnageTool to jailbreak the iPhone 3GS has a few requirements that depend on your bootrom version. Many people have been asking me how to find out which bootrom their iPhone has, so here are some simple instructions for both Mac and Windows.

The old bootrom refers to those produced before September 2009, version number 359.3. The new bootrom is version 359.3.2 or later.

How to find your bootrom version on Windows

Step 1: Put your iPhone in DFU mode: Launch iTunes and plug your iPhone in. Press and hold the home and sleep buttons together for 10 seconds. After exactly 10 seconds, release the sleep button while still holding the home button. Keep holding the home button until iTunes tells you it has found an iPhone in recovery mode.

Step 2: Go to Control Panel > Hardware and Sound > Device Manager.

Step 3: Double click Universal Serial Bus Controllers, then click the Apple Mobile Device USB Driver item and click the Properties button.

Step 4: Select the Details tab, then select Device Instance Path from the Property dropdown menu. Scroll all the way to the right to locate your bootrom version.

How to find your bootrom version on Mac

Step 1: Put your iPhone in DFU mode: Launch iTunes and plug your iPhone in. Press and hold the home and sleep buttons together for 10 seconds. After exactly 10 seconds, release the sleep button while still holding the home button. Keep holding the home button until iTunes tells you it has found an iPhone in recovery mode.

Step 2: In the Apple menu at the top left of your screen, select About This Mac, then click More Info on the window that appears.

Step 3: Select USB from the Hardware list on the left, then click to select Apple Mobile Device (DFU Mode) from the USB Device Tree on the main panel.

Step 4: In the detail panel right below the main panel, you should find the Serial Number. Your iBoot version is at the very end of it.
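As an added example (not part of the original post), here is the Step 4 check from both procedures done in Python: the DFU-mode USB serial string, which Windows shows at the end of the Device Instance Path and the Mac shows as the Serial Number, ends with the iBoot field, and the code pulls that field out and applies the article's 359.3 (old) versus 359.3.2 or later (new) cutoff. The sample strings are constructed, and the exact layout of the Windows instance path is an assumption.

```python
import re

# Constructed sample strings (not from any real device). The Mac "Serial Number"
# form follows the DFU serial layout with the iBoot version as the last field;
# the Windows form is an ASSUMED Device Instance Path ending in that same string.
SAMPLE_SERIALS = {
    "old": "CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 "
           "ECID:0000000000000000 IBFL:00 SRTG:[iBoot-359.3]",
    "new": "CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 "
           "ECID:0000000000000000 IBFL:00 SRTG:[iBoot-359.3.2]",
}
SAMPLE_WINDOWS_PATH = ("USB\\VID_05AC&PID_1227\\CPID:8920 CPRV:15 CPFM:03 SCEP:03 "
                       "BDID:00 ECID:0000000000000000 IBFL:00 SRTG:[iBoot-359.3.2]")

# The article's cutoff: anything at or above this is the "new" bootrom.
NEW_BOOTROM_MIN = (359, 3, 2)

_IBOOT_RE = re.compile(r"SRTG:\[iBoot-([0-9]+(?:\.[0-9]+)*)\]")


def parse_iboot_version(text):
    """Return the iBoot version at the end of a DFU serial / instance path
    as a tuple of ints, e.g. (359, 3, 2). Raises ValueError if absent."""
    m = _IBOOT_RE.search(text)
    if not m:
        raise ValueError("no SRTG:[iBoot-...] field found; is the device in DFU mode?")
    return tuple(int(part) for part in m.group(1).split("."))


def classify_bootrom(text):
    """Classify as 'old' (359.3) or 'new' (359.3.2 or later) per the article.
    Tuple comparison handles the differing number of components:
    (359, 3) < (359, 3, 2)."""
    return "new" if parse_iboot_version(text) >= NEW_BOOTROM_MIN else "old"


if __name__ == "__main__":
    for label, serial in SAMPLE_SERIALS.items():
        print(label, parse_iboot_version(serial), classify_bootrom(serial))
    print("windows", classify_bootrom(SAMPLE_WINDOWS_PATH))
```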