Jul 03

According to CNET’s Leslie Katz, the iPhone 3GS has already been “jailbroken” so that it can run unapproved third-party applications. The jailbreak application, known as “purplera1n,” is currently only available for Windows machines and requires the latest version of iTunes to be installed. A Mac version is expected soon.

The whole iPhone “jailbreaking” phenomenon is interesting for a couple of reasons. The most obvious of these is that it proves iPhone owners have an interest in running software on their devices that Apple and AT&T disapprove of. This suggests that although the iPhone is quite popular, it might be even more popular if Apple stopped controlling it so tightly. At the very least, it shows there is demand for applications that Apple thinks are “inappropriate” somehow.

Another reason iPhone jailbreaking is significant is that it provides an undisputed example of how a security weakness in Apple’s Mac OS X operating system could be exploited by a malicious coder. As Apple and its fans often proudly state, the iPhone operating system is based on the Apple Mac OS X operating system. In some ways, it could be argued that the iPhone and its OS are Apple’s most secure product. Apple controls the hardware completely. Users can’t upgrade it in any significant way, such as adding more internal storage or replacing the CPU chip. Apple controls, or at least attempts to control, the software in a similar manner. Apple installs all the OS upgrades via iTunes, controls what content gets stored on the device, and even decides whose applications are permitted to run on the device. In other words, that platform represents Apple’s best efforts to lock down its hardware and OS.

Still, in spite of Apple’s effort, the iPhone continues to be jailbroken. In security terms, the “hackers” are able to break through Apple’s security precautions, modify the contents of the device, and run unauthorized applications on it. This is exactly the same thing as if a hacker constructed a specially designed web page to tempt Mac users into visiting it, then used a security weakness in Mac OS X to slip a virus, worm, or “bot client” onto their machines. In other words, jailbreaking the iPhone (which runs OS X) is essentially the same as breaking into a Mac (which also runs OS X). (I know the iPhone OS is a “subset” of the full OS X software, but the principle holds.)

My point isn’t to suggest that OS X’s security is weaker than that of Linux or Windows. After all, the definition of “weaker” is subjective and could be misleading. I’m merely suggesting (as I always do) that although historically there have been few malware infections on the Mac OS X platform, that doesn’t mean the platform is immune to malware. Mac users should take the same types of precautions that other computer users do, such as making sure their firewall is enabled (it is disabled by default in Leopard!), keeping current antivirus software running, doing most of their work in “non-administrator” and “non-root” accounts, and being careful about what they download. The fact that there is a Mac botnet active on the Internet is evidence that some malware writers are targeting and exploiting the Mac platform. The bad guys have made use of this botnet to conduct a Distributed Denial of Service (DDoS) attack on certain web sites, so it’s not an idle threat. Make no mistake, there are people out there looking to exploit Mac users and gain control of their systems. Maybe there aren’t many, and maybe they’ve been quiet so far, but there may come a time when they become much more active and visible. You want to be proactive and prepared when that happens, rather than scrambling at the last minute to find tools to protect yourself. Some simple and inexpensive precautions now can protect you for years to come.
