Security

Saurik warns against using Cydia Impactor alternative ‘AppSigner,’ says it’s unsafe

If you’ve ever used a semi-tethered jailbreak before, then you should be familiar with Cydia Impactor. Saurik (Jay Freeman) created this multi-platform application to let you side-load apps on your iPhone or iPad, especially of the jailbreak flavor, such as Electra and unc0ver.

Recently, a web-based alternative to Cydia Impactor called AppSigner received some public attention on /r/jailbreak, and as you might come to expect, prominent members of the jailbreak community are speaking up to explain why you should not use it.

PSA: There’s a fake iOS 12 jailbreak in the wild, stay away from it

While most of us are celebrating New Year’s Day the old-fashioned way, others are taking full advantage of the holiday to propagate nefarious activities. As it would seem, a fake iOS 12 jailbreak is being tossed around in the wild.

Hacker and unc0ver lead developer Pwn20wnd hopped on Twitter early Tuesday morning to dismiss any confusion concerning the news of the fake iOS 12 jailbreak:

HiddenAlbumLock requires authentication to view the ‘Hidden’ album in your Photos app

You can hide images from the Camera Roll in iOS’ native Photos app to prevent them from appearing in your image list, but hidden images are quickly discovered by prying eyes when someone holding your iPhone opens the “Hidden” album in the Photos app.

If you wish Apple took better care of your Hidden images, then you might enjoy a new free jailbreak tweak called HiddenAlbumLock by iOS developer smokin1337. Just as the name implies, this tweak locks the Hidden album and requires authentication to unlock it for viewing.

NoLowPowerAutoLock disables the 30-second auto-lock when Low Power Mode is turned on

iPhone owners can use the included Low Power Mode to save battery life on their iPhone in a pinch, and while it can be useful, I don’t particularly care for how it forces a 30-second auto-lock down your throat.

Apple doesn’t give you a way to increase the auto-lock timeout on a stock device with Low Power Mode enabled, but jailbreakers can take advantage of a free jailbreak tweak called NoLowPowerAutoLock by iOS developer SparkDev to command differently.

In response to serious bug, Saurik disables purchases in Cydia Store

Saurik (Jay Freeman) was forced to make a tough decision involving the Cydia Store on Thursday after receiving troubling news from concerned developers in the jailbreak community.

As it would seem, a severe bug discovered in the platform by Andy Wiik could have enabled arbitrary Cydia Store package purchases via users’ PayPal accounts if they were logged into a Cydia account with a linked PayPal account and browsing potentially malicious third-party repositories in the app.

Security researcher Jann Horn publishes a privilege escalation bug that was fixed in iOS 12.1.1

Given everything that’s been happening in the security research space lately, iOS 12 appears to be far from non-exploitable. In fact, bugs, exploits, and vulnerabilities for Apple’s latest and greatest operating system just keep rolling in with each passing day, and this could potentially be great news for the jailbreak community.

The latest of such occurrences involves a privilege escalation bug for iOS 12.1 and earlier by Jann Horn of Google Project Zero. The security researcher published his notes online regarding the bug Monday afternoon, just five days after Apple publicly released iOS 12.1.1 to patch the bug, along with several others.

Linus Henze releases Safari-centric exploit targeting iOS 12.1 and earlier

It was only a few days ago that we learned about a sandbox escape PoC for iOS 12.0-12.0.1, and while it was just a proof of concept, there’s always the potential that a talented hacker could make use of it for future endeavors; perhaps even jailbreak development.

Fortunately, that’s not the only iOS 12-centric vulnerability floating around in the wild these days. As it would seem, a Safari-based exploit targeting iOS 12.1 and below (and macOS 10.14.1 and below) was also released this week by iOS tinkerer Linus Henze.

Powerful sandbox escape PoC for iOS 12.0-12.0.1 released

While there’s no official confirmation of any individual or team of people working on a public iOS 12 jailbreak, it seems that we could be one step closer as of Tuesday.

According to a post published on /r/jailbreak, a powerful sandbox escape proof of concept for iOS 12.0-12.0.1 has been released, fueling speculation that a public jailbreak tool could be crafted in the future with support for Apple’s latest and greatest mobile operating system. Notably, the exploit is patched in iOS 12.1.