Exploit

Newly discovered iBoot exploit makes A5(X) devices jailbreakable for life

"So looks like all my A5(X) devices are fully untethered and jailbroken for life now. :)" iH8sn0w, the developer behind Sn0wBreeze and other jailbreak apps, tweeted this afternoon. The comment has caused quite a bit of excitement, as we haven't seen anything like this in jailbreaking since LimeRa1n.

iH8sn0w says he doesn't have a bootrom exploit though, but rather a "powerful iBoot exploit." And although it doesn't look like he's going to do anything with it right now in terms of a public release, it sounds like he'll be able to use the exploit in future jailbreaks, and to find similar bugs in A6/A7 chips...

iOS 7 vulnerability allows anyone to bypass Lock screen

The highly-anticipated iOS 7 update just started hitting iPhones and iPads yesterday, and already a major vulnerability has been discovered. Just like iOS 6.1 before it, the exploit involves a sequence of touches that allows a user to bypass a device's Lock screen.

The bug isn't easy to reproduce, but I was able to replicate it on my iPhone 4s. And despite having a passcode, it gave me access to a number of apps that contain personal data like photos, email, text messages, and both my Facebook and Twitter accounts...

iOS 7 includes fix for malicious charger exploit

Back in June, a group of researchers discovered a flaw in iOS that allowed an iOS device to be compromised using a malicious USB charger. Their proof of concept let them invisibly install malware on non-jailbroken iPhones and iPads.

The results of the experiment were called 'alarming,' and were brought to Apple's attention in the hope of a quick fix. The Cupertino company must have gotten the message, because according to a new report, the exploit has been patched in the latest iOS 7 beta...

Saurik posts exploit and fix for ‘Master Key’ Android vulnerability

Jay Freeman, also known as Saurik, is well known to iOS users for his work in the jailbreak community. Not only does he run Cydia, the definitive jailbreak store, but he also develops tweaks and maintains much of the tooling the community depends on.

But Saurik is making a name for himself among Android users as well. Back in May, he released a working port of his Cydia Substrate for Google's platform, and this weekend he posted a fix for a major security vulnerability...

Over 700 million phones could be vulnerable to SIM card flaw

A German security researcher has discovered a massive vulnerability—one of the first of its kind—in the encryption used by some mobile SIM cards that could potentially allow hackers to remotely take control of their host handsets.

According to a report by The New York Times, the flaw relates to cards using DES (Data Encryption Standard), a 1970s-era cipher whose 56-bit key is within reach of brute force. The standard is being phased out by a number of manufacturers, but is still used by hundreds of millions of SIMs...

P0sixninja says he’s discovered exploits for next jailbreak

This is kind of interesting. Well-known iOS hacker and (former?) Chronic Dev Team member p0sixninja says that he has discovered enough exploits in iOS 6 to build a new jailbreak. The previous jailbreak, as most of you know, was recently patched by Apple.

But it appears that p0sixninja has discovered some vulnerabilities that were not patched by the company's security team in the latest iOS update, as he tweeted out earlier tonight: "Well, so far it looks like the next jailbreak might be created entirely by me..."

New spyware found capable of taking over iPhones

The iPhone receives a fair amount of praise for its security features. The Massachusetts Institute of Technology says that the handset's encryption is so good that it's tough for law enforcement agencies to perform forensics.

But this doesn't mean it's impenetrable, as hackers continue to find flaws. In fact, another big one was recently discovered in the form of spyware, which can take over the iPhone and give an attacker remote access to its contents...

Russian hacker admits defeat in IAP breach

Alexey V. Borodin, the Russian hacker who made headlines with a tool which lets anyone steal extra content in apps, no jailbreak required, is admitting defeat following Apple's announcement that the in-app purchasing (IAP) exploit will be fixed in the shipping version of iOS 6 this fall.

In an unprecedented move, Apple gave developers access to a pair of private APIs in iOS, a temporary measure that effectively neutralizes the hack. Borodin has publicly acknowledged that there is currently no way to circumvent Apple's band-aid fix in apps updated to take advantage of the private APIs...

Is Apple stepping up fight against IAP exploit with UDIDs?

A flaw in the iOS in-app purchasing mechanism, which a Russian hacker exposed last week by leveraging a proxy server and which has reportedly enabled $30,000+ in sales of extra content, may soon become a thing of the past: Apple is reportedly looking to contain the exploit by issuing a unique identifier in validation receipts.

This identifier apparently includes the Unique Device Identifier (UDID) of the device making the in-app purchase. The development is notable given that the company recently began rejecting third-party apps over their use of UDIDs. Apple was also thought to be readying tools that would let developers identify users without resorting to UDIDs...
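Why a device identifier in the receipt helps: the bypass works by steering the app's validation request to a server that answers with a canned "valid" receipt, and a receipt that is bound to one app, one product and one device cannot be reused anywhere else. The following is an added illustration of such an app-side check, not Apple's code or its receipt format; the field names (`bid`, `product_id`, `unique_identifier`), the status codes and the sample receipts are assumptions made for this example.

```python
"""Receipt binding check: an added illustration, not Apple's code or API.

The in-app purchase bypass described on this page routed an app's
receipt-validation request to a rogue server that answered with a canned
'valid' receipt. Binding each receipt to the app, the product and the device
it was issued for, which is what adding a device identifier to the receipt
achieves, makes such a canned reply unusable elsewhere. The field names,
the sample receipts and the status codes below are assumptions for this
example and do not reproduce Apple's real receipt format.
"""
import json


class ReceiptError(ValueError):
    """Raised when a validation response must not be honoured."""


def verify_receipt(response_text, bundle_id, product_id, device_id):
    """Return the receipt dict only if it is bound to this app, product and device.

    Every binding field is mandatory: a reply that omits one (as a canned
    response from a rogue server would) is rejected, not treated as valid.
    """
    try:
        doc = json.loads(response_text)
    except ValueError as exc:
        raise ReceiptError("response is not valid JSON") from exc
    if doc.get("status") != 0:
        raise ReceiptError(f"validation status {doc.get('status')!r}")
    receipt = doc.get("receipt")
    if not isinstance(receipt, dict):
        raise ReceiptError("response carries no receipt object")
    expected = {
        "bid": bundle_id,                # app bundle identifier (assumed field name)
        "product_id": product_id,        # the item the app is about to unlock
        "unique_identifier": device_id,  # device the receipt was issued for
    }
    for field, want in expected.items():
        got = receipt.get(field)
        if got is None:
            raise ReceiptError(f"receipt lacks {field}")
        if got != want:
            raise ReceiptError(f"{field} mismatch: got {got!r}")
    return receipt


# Constructed sample inputs (not real receipts).
APP, PRODUCT, THIS_DEVICE = "com.example.game", "com.example.game.coins100", "dev-AAAA"

GENUINE = json.dumps({"status": 0, "receipt": {
    "bid": APP, "product_id": PRODUCT, "unique_identifier": THIS_DEVICE}})
# Canned reply of the kind a rogue validation server returns: no device binding.
CANNED = json.dumps({"status": 0, "receipt": {"bid": APP, "product_id": PRODUCT}})
# A real receipt harvested on someone else's device and replayed here.
REPLAYED = json.dumps({"status": 0, "receipt": {
    "bid": APP, "product_id": PRODUCT, "unique_identifier": "dev-BBBB"}})
# Bound to this device, but for a cheaper product than the one being unlocked.
WRONG_ITEM = json.dumps({"status": 0, "receipt": {
    "bid": APP, "product_id": "com.example.game.coins10",
    "unique_identifier": THIS_DEVICE}})
REJECTED = json.dumps({"status": 21003, "receipt": {}})  # assumed non-zero status


def check_all():
    """Run every sample through the check; returns name -> outcome."""
    outcomes = {}
    samples = (("genuine", GENUINE), ("canned", CANNED), ("replayed", REPLAYED),
               ("wrong_item", WRONG_ITEM), ("rejected", REJECTED), ("garbage", "<html>"))
    for name, text in samples:
        try:
            verify_receipt(text, APP, PRODUCT, THIS_DEVICE)
            outcomes[name] = "accepted"
        except ReceiptError as err:
            outcomes[name] = f"rejected: {err}"
    return outcomes


if __name__ == "__main__":
    for name, outcome in check_all().items():
        print(f"{name:10s} {outcome}")
```

Only the genuine receipt is accepted; the canned reply fails because it carries no device identifier at all, and a receipt replayed from another device fails on the identifier mismatch even though it is otherwise authentic. The check also refuses a receipt for a different product, so a cheap purchase cannot be presented as proof of an expensive one.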

Apple starts blocking Russian servers that authenticate in-app content for free

Making good on its promise, Apple has started to block Russian servers which authenticate paid in-app content for free, The Next Web reports. The company is blocking IP addresses that host the rogue in-appstore.com domain by issuing takedown notices to hosting companies. PayPal has also intervened to block a private account through which donations had been collected, citing violation of its terms of service.

Despite this, hacker Alexey V. Borodin, the brains behind this controversial method, has already moved the servers to another country in an attempt to evade Apple’s legal requests...

Apple says it’s investigating in-app purchasing exploit

Earlier today, news broke of a new exploit in the App Store's in-app purchasing system that allows users to gain access to paid content, free of charge. The method does not require a jailbreak, and can be completed in a few simple steps.

As you can imagine, this has caused quite a stir in the iOS community, forcing Apple to take notice. This afternoon, the Cupertino company released the following statement...

Russian hacker cracks iOS in-app purchasing, no jailbreak required

The iOS in-app purchasing mechanism, which lets you buy digital items in games, upgrade to full versions of apps and purchase additional content, has been cracked by a savvy Russian hacker who posted a proof-of-concept video, embedded below.

First noticed by Russian blog i-ekb.ru (via 9to5Mac), the hack is credited to Russian developer ZonD80 who runs the conveniently named In-AppStore.com website where he collects donations to support development of the project.

What's special about this method - and potentially devastating to the development community - is that it doesn't require a jailbreak and can be completed in a few simple steps by even the most inexperienced users. UPDATE: contrary to reports that Apple took the proxy site down, developer confirms it's simply under high load and says the info site is being moved to Blogger.