Exploit

Hacker appears to claim that iOS 13.7 is vulnerable to new exploit

With Apple dropping software updates for its iPhones and iPads as frequently as they do nowadays, it’s particularly exciting when a hacker claims that they’ve pwned one of the company’s latest versions of iOS and/or iPadOS.

The most recent announcement to shake things up came by way of hacker @08Tc3wBB last month in the form of a new exploit for iOS 13.6.1 that allegedly used a different method to achieve its ends than the more traditional tfp0 method that we see in modern jailbreaks like Odyssey and unc0ver. On Monday, the same hacker appeared to validate that the newer iOS 13.7 would be vulnerable to jailbreak-centric exploitation:

Inferius permits creating & restoring from custom IPSWs via checkm8 exploit

Upon refreshing the /r/jailbreak subreddit Wednesday evening, many jailbreakers were pleasantly surprised to learn about the release of a novel jailbreak-centric utility dubbed Inferius by @marijuanARM.

After a quick scan of the release notes on the project’s official GitHub page, it becomes apparent that Inferius was created to aid users in the process of creating and restoring from custom IPSW files. Quite the attention-grabbing feat indeed, but you’ll definitely want to read more about Inferius before you start jumping right in.

Newly teased exploit for iOS 13.6.1 uses different method than traditional tfp0

There’s some potentially exciting news for the jailbreak community this weekend after hacker and security researcher @08Tc3wBB teased what appears to be a newfangled approach to exploiting the latest public release of iOS on one of Apple’s current-generation iPhones.

Citing one of @08Tc3wBB’s latest Tweets, it would appear that the hacker successfully pwned an iPhone 11 Pro Max running iOS 13.6.1 without using a traditional tfp0-style exploit like those used in the majority of modern jailbreaks like Odyssey and unc0ver:

Luca Todesco teases SEPROM code execution with checkra1n

Nearing the end of last month, the Pangu Team took the stage at MOSEC 2020 to discuss a plethora of interesting topics, one of which really stood out from the rest. We’re of course talking about the unpatchable hardware-based SEPROM vulnerability that targets a device’s secure enclave processor (SEP).

It wasn’t long after the SEPROM vulnerability was discovered and notes about it were published that famous hackers like Luca Todesco of the checkra1n team began tinkering with it. In fact, it was only yesterday that Todesco Tweeted some particularly eye-catching photos of checkra1n integration on an iOS device and of a T2-equipped Mac running the vulnerability as shown by the Touch Bar’s OLED display:

Pangu Team teases unpatchable SEP vulnerability at Mosec 2020

It was a pleasant surprise waking up this morning to learn that the Pangu Team had successfully pwned iOS 14 using their own proprietary exploits and demoed it at the Mosec 2020 conference. Although this jailbreak in particular isn’t likely to be released, it shows that there’s a light at the end of the tunnel despite Apple’s ongoing efforts to snuff out jailbreaking once and for all.

But an iOS 14 jailbreak wasn’t the only thing that the Pangu Team shared during their presentation. Team member @windknown also discussed details encompassing security research with Apple’s proprietary SEP (Secure Enclave Processor) chips, which are used for storing valuable data including Face ID & Touch ID information and passcode data, among other things of utmost confidentiality.

Pangu Team demos working iOS 14 jailbreak at Mosec 2020

Apple’s upcoming iOS & iPadOS 14 software updates aren’t slated to be released until sometime this Fall, but that hasn’t stopped prominent jailbreak community hackers from getting their hands dirty with the developer pre-releases and working their usual magic.

The first example of an iOS 14 jailbreak was shared by the checkra1n team mere days after Apple teased the update at WWDC 2020, but this was expected as checkra1n utilizes a hardware-based bootrom exploit that can’t be patched with a software update. Early this morning, however, the Pangu Team took the stage at Mosec 2020 to demonstrate a working jailbreak of their own on the iOS 14 platform.

New tfp0 exploit supports Apple’s brand-new iOS & iPadOS 13.6 releases

When you’re an avid jailbreaker and you hear news about a new exploit that could potentially be used to jailbreak the latest version of iOS, then you tend to get excited about it. This response is only natural, especially given Apple’s rather conspicuous practice of rapidly releasing software updates to patch the very exploits hackers release in order to jailbreak iPhones and iPads alike.

With that in mind, jailbreakers might be particularly thrilled to learn that a new tfp0 exploit has been cooked up for Apple’s brand-new iOS & iPadOS 13.6 release, which was dropped to the public only yesterday afternoon. The news was first shared via Twitter user and security researcher @_Simo36 Thursday morning:

Brandon Plank launches open source RootlessJB4 for iOS 12.0-12.4.7 on A7-A11 devices

More good news surfaced for the jailbreak community this weekend as hacker and iOS tinkerer Brandon Plank launched a new open source semi-untethered rootless jailbreak that supports all versions of iOS 12 dubbed RootlessJB4.

Rootless jailbreaks are essentially a category of jailbreak that avoids messing with the device’s root filesystem. As you might expect, this makes them more restrictive than their full-fledged jailbreak counterparts, such as checkra1n or unc0ver. On the other hand, rootless jailbreaks are, by nature, more difficult for apps that implement jailbreak detection to detect.

Checkra1n team gets jailbreak working on iOS 14 beta

It was only a couple of days ago that Apple unveiled iOS and iPadOS 14 during the company’s WWDC 2020 keynote. Shortly after that, Apple launched its first developer beta of the updated mobile operating systems, allowing developers to go hands-on with the new features and prepare their apps for the update before it launches sometime this Fall.

While iOS and iPadOS 14 snagged a ton of features from the jailbreak community as Apple does every year with each substantial release, it doesn’t seem like jailbreaking will be going anywhere any time soon. In a Tweet shared late last night, checkra1n team co-developer Dany Lisiansky shared a teaser screenshot of the checkra1n jailbreak on the first iOS 14 beta:

Unc0ver for TV jailbreak for Apple TVs gets updated to a second beta

Just yesterday, the unc0ver Team launched the first unc0ver for TV v5.1.0 beta, permitting Apple TV owners on the latest version of tvOS to jailbreak their Apple-branded set top box. The news came just a few days after unc0ver picked up support for iOS and iPadOS 13.5.

Early Wednesday morning, however, the unc0ver Team published a second beta of unc0ver for TV v5.1.0. The announcement was shared via the official unc0ver Team Twitter page:

Checkra1n updated to v0.10.2 with support for iOS 13.5, additional bug fixes

The unc0ver jailbreak is about to be updated to version 5.0.0 with official support for all devices that can run iOS and iPadOS 13.5, and in a silent and rather unexpected undercut, the checkra1n team released v0.10.2 beta of its bootrom exploit-based jailbreak tool for macOS Saturday evening with official support for iOS and iPadOS 13.5.

According to the release notes for the updated version of the checkra1n jailbreak, v0.10.2 not only adds support for Apple’s latest mobile firmware versions, but also incorporates a few bug fixes:

Countdown to release of unc0ver v5.0.0 with support for iOS 13.5 begins

On Wednesday, team unc0ver teased an upcoming v5.0.0 of its jailbreak tool with support for all iPhones and iPads that can run Apple’s latest and greatest iOS 13.5 firmware (iPadOS 13.5 included) by way of a brand-new 0-day kernel vulnerability from project lead developer Pwn20wnd.

At the time, the official unc0ver.dev website displayed a progress bar with the text “Performing Final Stability Tests 90%,” but things seem to be moving right along. The progress bar has now surpassed 95%, and several high-profile Tweets now indicate that unc0ver v5.0.0 will be released this weekend, sometime within the next 24 hours.