On Wednesday, Apple (finally) released firmware 4.0.2, which patches the very large security holes exploited by @comex in the 2nd incarnation of jailbreakme.com. The only problem is they outright abandoned iPhone2G and iPod Touch 1G users! Even though Apple acknowledges in their security update the severity of these holes, they left iPhone2G and ipt1G owners high and dry — completely vulnerable to truly malicious variants of jailbreakme (these variants aren’t out yet, but they’re sure to come!).
Luckily for Apple, the Jailbreak community isn’t so callous. @saurik has been burning the midnight oil coding a Cydia package that will fix the holes for all devices and all firmware versions (even going back to version 2.x!). It will be released very soon, after some more testing is done. (Update: it’s available now…see update #2 below).
Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as it’s out. Jailbreakers can have their cake and eat it too.
P.S. Dear Apple: you’re welcome!
Update #1: For those who know their way around the bash shell and dpkg, please try out this fix and send any pertinent feedback to @saurik.
Update #2: The fix is installable via Cydia itself now (search for “PDF Patch”). To test that it’s working properly, visit jailbreakme.com again. After you slide to jailbreak, you should no longer see a dialog box pop up (you’ll just see the star background). That means you’re no longer vulnerable!