A security update for Apple’s iPhone does more than just fix critical flaws in the handset. It also looks for and wipes out any modifications that users make to the firmware on their phones, according to hackers looking to unlock the phone.
But the security update does not break any of the tools that hackers have so far developed to modify the iPhone’s firmware, they said.
The iPhone v1.0.1 update primarily addresses a security flaw uncovered in the handset’s Safari browser that was to be detailed Thursday at the Black Hat 2007 conference in Las Vegas. That vulnerability, uncovered by researchers at Independent Security Evaluators (ISE), allows an attacker to access data and applications on the phone from a Wi-Fi access point or a malicious Web site.
When the update installs itself using iTunes, it also checks for changes that have been made to the phone’s firmware, the hackers said. When changes are detected in the old firmware, the update wipes the phone and then reinstalls the updated firmware, erasing any modifications that a user made.
On Wednesday, hackers involved with efforts to unlock the iPhone at the #iphone Internet Relay Chat (IRC) channel were still coming to grips with the impact of Apple’s security update, looking to test whether tools they developed continue to work. (Hackers have asked journalists not to publish links to their site, iPhone Dev Wiki, saying it’s not able to handle heavy volumes of traffic.)
Initially, the Apple security update appeared to block the ability to write files on the iPhone using the Jailbreak feature of the iActivation tool developed by the hackers, meaning the tool could no longer be used to add personalized ringtones to the phone.
However, the 1.0 version of Jailbreak continues to work fine, according to an update on iPhone Dev Wiki.