What's new

Fixing what Apple won’t


Staff member
Jun 15, 2010
Reaction score
United Kingdom
On Wednesday, Apple (finally) released firmware 4.0.2, which patches the very large security holes exploited by @comex in the 2nd incarnation of jailbreakme.com. The only problem is they outright abandoned iPhone2G and iPod Touch 1G users! Even though Apple acknowledges in their security update the severity of these holes, they left iPhone2G and ipt1G owners high and dry — completely vulnerable to truly malicious variants of jailbreakme (these variants aren’t out yet, but they’re sure to come!).

Luckily for Apple, the Jailbreak community isn’t so callous. @saurik has been burning the midnight oil coding a Cydia package that will fix the holes for all devices and all firmware versions (even going back to version 2.x!). It will be released very soon, after some more testing is done. (Update: it’s available now…see update #2 below).


Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as it’s out. Jailbreakers can have their cake and eat it too.

P.S. Dear Apple: you’re welcome!

Update #1: For those who know their way around the bash shell and dpkg, please try out this fix and send any pertinent feedback to @saurik.

Update #2: The fix is installable via Cydia itself now (search for “PDF Patch”). To test that it’s working properly, visit jailbreakme.com again. After you slide to jailbreak, you should no longer see a dialog box pop up (you’ll just see the star background). That means you’re no longer vulnerable!
Thanks for the info :)

However, I was wondering since i JB my iPhone4 with jailbreakme.com was the security hole patched after JBing my iPhone? Or do i still need to install the patch thru cydia?? Cydia on my iPhone4 seems to be updated with no alerts mentioned on startup.
sounds to me like you will need to install a patch from cydia. which they fixed more then apple did officially