Hacker News new | past | comments | ask | show | jobs | submit login

>A third security researcher, Stefan Esser said that people should be careful what apps they download from the App Store right now. "Any such app could have a copy of the jailbreak in it," he wrote on Twitter.

Seems a bit overblown when there's a review process in place. I'm sure it's not infallible, but still..




> Seems a bit overblown when there's a review process in place. I'm sure it's not infallible, but still..

Well, until now I assumed Apple would test for patched vulnerabilities in new iOS releases too.


It's happened before, and it's probably not super easy for Apple to do static binary analysis to determine if an app is going to make exactly the bad syscalls necessary for the jailbreak gated behind an undisclosed trigger functionality.


Can a review really check for this? Aren't there obfuscation methods and ways to delay the trigger of the exploit? It could wait for a special network package to start the exploit.

For iOS 9.3.3 there even was an app in the App Store, that could jailbreak your phone. (PG Client)


Yes, to some extent people should be worried about apps potentially containing exploits, but then again they should be more worried about 0-days than a known vulnerability.


> A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability (including the vendor of the target software)[0]

Why should a publicly known unpatched vulnerability be a lesser concern than something that you don't know exists?

[0]https://en.wikipedia.org/wiki/Zero-day_(computing)




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: