Lucene search

thnThe Hacker NewsTHN:754EDA3BD8060BD079B3DB44EE616405
HistoryMay 25, 2020 - 8:02 a.m.

New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug

The Hacker News





The hacking team behind the “unc0ver” jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version.

Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver’s lead developer Pwn20wnd said “every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware.”

The group did not specify which vulnerability in iOS was exploited to develop the latest version.

The unc0ver website also highlighted the extensive testing that went behind the scenes to ensure compatibility across a broad range of devices, from iPhone 6S to the new iPhone 11 Pro Max models, spanning versions iOS 11.0 through iOS 13.5, but excluding versions 12.3 to 12.3.2 and 12.4.2 to 12.4.5.

“Utilizing native system sandbox exceptions, security remains intact while enabling access to jailbreak files,” according to unc0ver, meaning installing the new jailbreak will likely not compromise iOS’ sandbox protections.

Jailbreaking, analogous to rooting on Google’s Android, is a privilege escalation that works by exploiting flaws in iOS to grant users root access and full control over their devices. This allows iOS users to remove software restrictions imposed by Apple, thereby allowing access to additional customization and otherwise prohibited apps.

But it also weakens the device’s security, opening the door to all kinds of malware attacks. The added security risks, coupled with Apple’s steady hardware and software lockdown, have made it difficult to jailbreak devices deliberately.

Furthermore, jailbreaks tend to be very specific and based on previously disclosed vulnerabilities, and very much dependent on the iPhone model and iOS version, in order for them to be successfully replicated.

The development comes as zero-day exploit broker Zerodium said it would no longer purchase iOS RCE vulnerabilities for the next few months, citing “a high number of submissions related to these vectors.”

Last August, Pwn20wnd exploited a SockPuppet flaw (CVE-2019-8605) uncovered by Googler Ned Williamson to release a public version of the jailbreak — making it the first time an up-to-date firmware was unlocked in years — after Apple accidentally reintroduced a previously patched flaw in iOS 12.4. The company later rolled out a fix in iOS 12.4.1 to address the privilege escalation vulnerability.

Then in September, a security researcher published details of a permanent unpatchable bootrom exploit, dubbed checkm8, that could be employed to jailbreak virtually every type of Apple mobile device released between 2011 and 2017, including iPhones, iPads, Apple Watches, and Apple TVs.

While the new jailbreak leverages an as-yet-unknown zero-day vulnerability, the iPhone maker will likely roll out a security update in the coming weeks to plug the flaw exploited by unc0ver.

The new Unc0ver 5.0.0 jailbreak can be installed from iOS, macOS, Linux, and Windows devices. The usage instructions are available on the unc0ver website here.