Independent security consultant Stefan Esser made waves earlier this year when a technique he developed for hacking iPhones was adopted by JailbreakMe and other mainstream jailbreaking services. The Register caught up with the German researcher at the Black Hat security conference in Las Vegas just ahead of his scheduled talk …
"At the moment I'm just evaluating other options"
Brilliant. The starting salary from Apple just had to increase there..."
removal of debugger from IOS.
How will that stop someone with the version of IOS that still has a debugger in it from making a cable and using in to create an exploit? they already said that it is only used to create the exploit, not to deploy it.
Removing the debugger...
OBVIOUSLY it means they will only be able to debug older IOS versions that still have the debugger. Taking it out of later releases will mean it's harder to crack those versions of IOS.
Probably because they would remove the functionality with a Kernel update. That way any exploits gleaned with a debugger wouldn't work right away, and without the debugger it would be more difficult to make them work. Not impossible, just more difficult.
This is the sort of article that makes El Reg shine. Thank you, Mr. Goodin.
As for the debugger and kernel exploits, I can certainly imagine how an organization would avoid spending resources to remove functionality from a core code base when it is so obscure--especially something as critical and delicate as an OS kernel. It is a high risk endeavor when the actual risk of leaving it there is mitigated by many factors.
That said, now that light has been shined on it, I'm sure they'll remove the debugger and patch the kernel as necessary very soon.
All this talk about IOS
How come Cisco doesn't sue? Give Apple a taste of it's own medicine.
Because of this:
Cisco doesn't sue...
...because Apple licensed the iOS name from them.