Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0

March 2, 2021

A popular jailbreaking tool called “unc0ver” has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild.

The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.

Tracked as CVE-2021-1782, the flaw is a privilege escalation vulnerability in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges.

“We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability,” Pwn20wnd said in a separate tweet.

The vulnerability has since been addressed by Apple as part of its iOS and iPadOS 14.4 updates released on January 26, 2021, but not before admitting that the issue may have been under active attack by bad actors.

The iPhone maker, however, did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting it.

Jailbreaking, similar to rooting on Google’s Android, involves a privilege escalation that works by exploiting flaws in iOS to grant users root access and full control over their devices. In doing so, it allows iOS users to remove software restrictions imposed by Apple, thereby allowing access to additional customization and otherwise prohibited apps.

For its part, Apple has steadily made it difficult to jailbreak devices by locking down its hardware and software for security reasons, which it says helps counter malware attacks.

Zimperium CEO Zuk Avraham said the jailbreak is “yet another example that attackers have an edge on iOS vs. defenders,” adding “[Apple] needs to stop the need to jailbreak the device in the first place and should just enable users to have full access with no need to run an exploit.”

Last May, the unc0ver team released a similar jailbreak for iPhones running iOS 11 to iOS 13.5 by exploiting a memory consumption issue in the kernel (CVE-2020-9859). But it was patched by Apple in a matter of days with the release of iOS 13.5.1 to prevent the vulnerability from being exploited maliciously.
