Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years (vice.com) 12
Apple has mistakenly made it a bit easier to hack iPhone users who are on the latest version of its mobile operating system iOS by unpatching a vulnerability it had already fixed. From a report: Hackers quickly jumped on this over the weekend, and publicly released a jailbreak for current, up-to-date iPhones -- the first free public jailbreak for a fully updated iPhone that's been released in years. Security researchers found this weekend that iOS 12.4, the latest version released in June, reintroduced a bug found by a Google hacker that was fixed in iOS 12.3. That means it's currently relatively easy to not only jailbreak up to date iPhones, but also hack iPhone users, according to people who have studied the issue.
"Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable -- which means they are also vulnerable to what is effectively a 100+ day exploit," said Jonathan Levin, a security researcher and trainer who specializes in iOS, referring to the fact that this vulnerability can be exploited with code that was found more than 100 days ago. Pwn20wnd, a security researcher who develops iPhone jailbreaks, published a jailbreak for iOS 12.4 on Monday.
"Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable -- which means they are also vulnerable to what is effectively a 100+ day exploit," said Jonathan Levin, a security researcher and trainer who specializes in iOS, referring to the fact that this vulnerability can be exploited with code that was found more than 100 days ago. Pwn20wnd, a security researcher who develops iPhone jailbreaks, published a jailbreak for iOS 12.4 on Monday.
is there a FreeBSD port? (Score:2)
Re: (Score:2)
for the iphone? or android or linux?
Yes, or no.. But I'm sure you cannot afford to do them all...
So that's why... (Score:2)
So that's why my iPhone is begging to update itself again.. Wonderful..
Source merging is such a pain sometimes, get the new guy to do it. I wonder which fresh out of college kid, living in an RV parked on the street employee who was tasked with source code management messed up? And are they now living in a tent?
Re: (Score:3)
With all its billions... (Score:4, Insightful)
Interesting question here (Score:3)
So why have there been no jailbreaks for so long? I don't think the devices are necessarily that much more secure, though there has been some emphasis on security around the OS and process security over the years.
I am wondering if the reason why we generally don't see jailbreaks anymore, is because the exploit needed to make it work is more valuable sold on the black market and kept from Apple, whereas in this one case the bug that opened the jailbreak was already patched so there was no value to the exploit itself knowing it would be immediacy re-patched.
There's also probably an element of jailbreaking just being much less useful these days.
Re: (Score:2)
There have been lots of jailbreaks just not for up to date iOS versions.
What's annoying to me is that there doesn't appear to have been a fully maintenance free untethered jailbreak since iOS 6.
Re: (Score:2)
Can't speak for the black market, but there's been many hundreds [cvedetails.com] of responsibly-disclosed vulns in recent years, including dozens of privilege escalations, and jailbreaks based on these certainly exist for older, unpatched iOS builds. Rarer that any reappear in up-to-date builds though.
Re: (Score:2)
That's pretty much what the article is also saying in paragraph 4:
For years, jailbreaks have been held closely to the chest by security researchers, because the ability to jailbreak an iPhone means the ability to hack it. As we've reported several times, exploits for the iPhone can sell for millions of dollars, which means that no one has been willing to release jailbreak code publicly because Apple will quickly patch it.
Apple seems to have a source control problem (Score:4, Interesting)
Hurry Hurry Hurry (Score:1)
Now for a very limited time you can make the device you've paid for truly yours. Don't pass up this offer!