Researchers have discovered a pair of security vulnerabilities related to the stock Mail app on iOS devices, but it appears there's no reason to panic just yet.
iOS
Security researcher achieves tfp0 exploit on A13 device running iOS 13.4.1
Jailbreakers with access to an A7-A11 device pretty much have it made thanks to the hardware exploit-based checkra1n jailbreak that can’t be patched by Apple in a software update. Those handling newer devices, such as the A12 and A13 varieties, instead depend on infrequently released tfp0 exploits. These seem to surface sporadically with no rhyme or reason, and they can unfortunately be patched by Apple’s software updates.
On a more positive note, it does appear that a skilled security researcher going by the Twitter handle @ProteasWang has achieved tfp0 on an A13-equipped handset running iOS 13.4.1. This is currently the latest version of iOS available from Apple, and with that in mind, the news has particularly exciting implications for jailbreaks such as unc0ver and the to-be-released Chimera13 tool.
Curb privacy paranoia when lending your iPhone to someone else with Spy
When you’re generous enough to loan your iPhone to a friend or family member, or even worse a complete stranger to make a phone call, one thing that probably weighs heavy on your mind is whether that person is invading your privacy by launching apps they shouldn’t be, such as Messages, Notes, or Photos to name a few.
I’ve found myself in this situation quite a few times myself, and that’s why I’m particularly excited about a newly released jailbreak tweak dubbed Spy by iOS developer Elias. This tweak works to your advantage in situations like the one above by logging the apps that a user opens with the mere flip of a toggle switch.
Ra1nbox is a NanoPi Neo2-powered box that can deploy checkra1n without a computer
The checkra1n jailbreak is driven by a powerful bootrom exploit that can’t be patched with a software update from Apple, and with that in mind, it’s easy to see why some people may opt to use checkra1n over some of the other jailbreaks available, such as unc0ver for example.
While it’s a great jailbreak, Windows users have relentlessly expressed dissatisfaction about having to borrow friends’ Macs or run Linux on their machines. With no certain ETA for a Windows-based checkra1n release, third parties are now cooking up interesting solutions. One is Ra1nbox, a small and portable box powered by a NanoPi Neo2 that can be used to deploy the checkra1n jailbreak from anywhere without the need for a computer.
Jake James rewrites oob_timestamp exploit as Pwn20wnd plans integration with unc0ver
Those who’ve been keeping close tabs on the jailbreak community as of late should be keenly aware of Brandon Azad’s oob_timestamp exploit, which made iOS 13.0-13.3 support for A12(X)-A13 devices via the unc0ver jailbreak possible. As wonderful as it is, the oob_timestamp exploit isn’t without its shortcomings, such as memory leaks.
Given the aforementioned circumstances, a series of Tweets shared early this morning by renowned hacker Jake James may be considered great news for the jailbreak community:
Microsoft announces work on a Defender ATP security platform for iOS and Android
Windows giant Microsoft today announced its Defender Advanced Threat Protection (ATP) security platform is coming to mobile devices powered by iOS and Android.
Brandon Azad officially releases OOB Timestamp exploit for iOS 13.0-13.3
Several days ago, hacker and iOS security researcher Brandon Azad took the jailbreak community by storm when he said he would soon be releasing a new kernel exploit proof-of-concept targeting the iPhone 11 on iOS 13.3. It didn’t take long after that for unc0ver jailbreak lead developer Pwn20wnd to add that unc0ver would likely receive an update incorporating the new exploit.
The teasers have awakened a brand-new audience in the jailbreak community, namely those handling Apple’s latest handsets like the iPhone 11 and variants of the iPhone 11 Pro. But all that hype aside, Azad officially released his new kernel exploit proof of concept Friday afternoon, and he’s calling it OOB Timestamp:
LockApps helps you protect individual apps with biometric authentication
If you’re in need of augmented security for your iPhone’s apps, then a newly released jailbreak tweak dubbed LockApps by iOS developer Azozz ALFiras could be just what you need.
Just as the name implies, LockApps lets users secure apps from their Home screen by requiring some form of biometric authentication to use them. The tweak currently supports both Face ID and Touch ID, depending on what your handset comes from the factory with.
Hacker teases successful jailbreak on third iOS 13.3.1 beta
It’s no secret that the checkra1n jailbreak tool the jailbreak community by storm. But despite being unfixable by Apple, it’s still always comforting to see a newfangled jailbreak demonstration, especially when it happens on Apple’s latest firmware and when checkra1n isn’t the method of pwnage.
A Tweet with an embedded video demonstration shared Monday afternoon by Twitter user @08Tc3wBB appears to demonstrate an iPhone X on iOS 13.3.1 beta 3 being jailbroken with the assistance of an unknown side-loaded jailbreak app.
IntelligentPass 3 disables passcodes and authentication in ‘low risk’ environments
Most people turn to passcodes or biometric authentication to keep the data on their iPhones and iPads safe from unwanted prying eyes. But as many would agree, there can be certain times when such security measures may be unnecessary or workflow inhibiting, such as when your handset is safe in your home or when you’re physically holding it.
IntelligentPass 3 is a commendable jailbreak tweak by iOS developers Luke Murris and Geometric Software that prevents your pwned iOS device from asking you to enter a passcode or authenticate yourself in ‘low risk’ environments. The tweak identifies said environments based on criteria that you, the user, configure.
Hacker iBSparkes achieves tfp0 on A13 with iOS 13.3
The jailbreak community has been on fire these past few months, with checkra1n delivering an un-patchable jailbreak experience for handsets ranging from the iPhone 5s to the iPhone X, and with unc0ver picking up support for iOS 12.4.1. But hey, why let the pwnage stop there?
Renowned hacker and iOS security researcher iBSparkes broke the silence this weekend after sharing a teaser of what appears to be successful tfp0 on a brand-new A13 device running iOS 13.3. Yes indeed folks, that’s both Apple’s latest hardware and software – pwned in one fell swoop. Not too shabby!
Apple halts downgrades from iOS 13.2.3 by unsigning iOS 13.2.2
Apple systematically stops signing older mobile software releases as newer ones become available. Given the company’s track record in this regard, it should come as no surprise to anyone familiar with the matter that Apple has stopped signing iOS 13.2.2 Monday evening, a move that effectively averts firmware downgrades from the newer iOS 13.2.3 that Apple released approximately two weeks ago with miscellaneous bug fixes.
There are two primary reasons why someone would want to downgrade their firmware in the first place, with the first being to revert back to an older version of iOS after a new release breaks functionality or introduces unwanted bugs, and the second being to restore the device to a jailbreakable firmware after a software update patches the necessary exploits used by a tool.