Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
IOS Security Apple Technology

Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years (vice.com) 12

Posted by msmash from the how-about-that dept.
Apple has mistakenly made it a bit easier to hack iPhone users who are on the latest version of its mobile operating system iOS by unpatching a vulnerability it had already fixed. From a report: Hackers quickly jumped on this over the weekend, and publicly released a jailbreak for current, up-to-date iPhones -- the first free public jailbreak for a fully updated iPhone that's been released in years. Security researchers found this weekend that iOS 12.4, the latest version released in June, reintroduced a bug found by a Google hacker that was fixed in iOS 12.3. That means it's currently relatively easy to not only jailbreak up to date iPhones, but also hack iPhone users, according to people who have studied the issue.

"Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable -- which means they are also vulnerable to what is effectively a 100+ day exploit," said Jonathan Levin, a security researcher and trainer who specializes in iOS, referring to the fact that this vulnerability can be exploited with code that was found more than 100 days ago. Pwn20wnd, a security researcher who develops iPhone jailbreaks, published a jailbreak for iOS 12.4 on Monday.
This discussion has been archived. No new comments can be posted.

Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years More

Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years

Comments Filter:
  • for the iphone? or android or linux?

    • for the iphone? or android or linux?

      Yes, or no.. But I'm sure you cannot afford to do them all...

  • So that's why my iPhone is begging to update itself again.. Wonderful..

    Source merging is such a pain sometimes, get the new guy to do it. I wonder which fresh out of college kid, living in an RV parked on the street employee who was tasked with source code management messed up? And are they now living in a tent?

    • iOS 12.4.1 isn't out yet (at least I can't find anything that says it is). The current iOS version is 12.4, which is the vulnerable version (and why this story matters at all; older versions of iOS almost always get jailbroken eventually, that's not newsworthy). It's also the last major/minor version of iOS for a lot of devices; there won't be a 12.5, only 13 and probably a 12.4.1 in a day or two to patch this exploit. So if you have, say, an iPad mini 2 (like me), there's no real reason not to jailbreak it

  • With all its billions... (Score:4, Insightful)

    by RhettLivingston ( 544140 ) on Monday August 19, 2019 @05:16PM (#59103462) Journal
    Apple doesn't perform a full regression test on every release for previously known faults? Considering that their reputation for quality and security is a large part of the basis for their 50%+ per phone profits, perhaps they should consider being a little less stingy on profits and spend the time and money to run a full test suite on every full release build, if not every build.

  • Interesting question here (Score:3)

    by SuperKendall ( 25149 ) on Monday August 19, 2019 @05:20PM (#59103474)

    So why have there been no jailbreaks for so long? I don't think the devices are necessarily that much more secure, though there has been some emphasis on security around the OS and process security over the years.

    I am wondering if the reason why we generally don't see jailbreaks anymore, is because the exploit needed to make it work is more valuable sold on the black market and kept from Apple, whereas in this one case the bug that opened the jailbreak was already patched so there was no value to the exploit itself knowing it would be immediacy re-patched.

    There's also probably an element of jailbreaking just being much less useful these days.

    • Re: (Score:2)

      by sims 2 ( 994794 )

      There have been lots of jailbreaks just not for up to date iOS versions.

      What's annoying to me is that there doesn't appear to have been a fully maintenance free untethered jailbreak since iOS 6.

    • Can't speak for the black market, but there's been many hundreds [cvedetails.com] of responsibly-disclosed vulns in recent years, including dozens of privilege escalations, and jailbreaks based on these certainly exist for older, unpatched iOS builds. Rarer that any reappear in up-to-date builds though.

    • That's pretty much what the article is also saying in paragraph 4:

      For years, jailbreaks have been held closely to the chest by security researchers, because the ability to jailbreak an iPhone means the ability to hack it. As we've reported several times, exploits for the iPhone can sell for millions of dollars, which means that no one has been willing to release jailbreak code publicly because Apple will quickly patch it.

  • Apple seems to have a source control problem (Score:4, Interesting)

    by mccalli ( 323026 ) on Monday August 19, 2019 @05:55PM (#59103636) Homepage
    It's cropped up multiple times - right back to "goto fail". Patches not being merged back to the trunk/release branch (whichever they're using). That's exactly the problem here - 'unpatched' isn't a development word, 'regression' is a word and in this case it seems extremely likely to me that this is poor branch control and merging.

  • Now for a very limited time you can make the device you've paid for truly yours. Don't pass up this offer!

Slashdot Top Deals

Any circuit design must contain at least one part which is obsolete, two parts which are unobtainable, and three parts which are still under development.

Close