Saturday, 21 September, 2019

IOS Bug Enables iPhone Owners to Jailbreak After Years

Apple sues company that sells a virtual iPhone complete with iOS Virtual iPhone Maker Sued
Cecil Davis | 20 August, 2019, 20:41

iOS security researcher Pwn20wnd released a public jailbreak for the latest stable iOS version after Apple reintroduced a vulnerability patched in iOS 12.3, previously exploited to jailbreak iOS 12.2.

The development comes as Apple announced it will distribute special iPhones with root access that are less restrictive than their consumer counterparts to security researchers. This leaves Apple customers in potential danger, because security holes that enable jailbreaking also leave the iPhone wide open for malicious hacking.

Over the weekend a hacker who goes by the name Pwn20wned began refining jailbreaks based on SockPuppet so they support a wider variety of Apple's A processors used in iOS devices.

Steve Smith's concussion raises troubling memories for Australian cricket
Steve Smith hopes to begin his comeback from a concussion injury on Tuesday with a light training session at Headingley. After winning the first Test, Australia now holds a 1-0 lead in the series.

Jailbreaking - analogous to rooting on Google's Android - is a privilege escalation that allows iOS users to remove software restrictions imposed by Apple, thereby making it possible to bypass the company's walled garden to add apps and other functions, including those from unofficial app stores. That's a big problem for Apple, according to Jonathan Levin, a security researcher who spoke with Motherboard. That said, he also notes that the returning bug may already be exploited for "bad purposes". He reportedly suggested the vulnerability could be used to create spyware that steals user data. Williamson published his iOS 12.2 exploit well after Apple released iOS 12.3, but that exploit code has now been available for hackers to test for several weeks before a patch is available.

"Due to 12.4 being the latest version of iOS now available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version are jail breakable and vulnerable to what is effectively a 100+ day exploit, a Jonathan Levin, a security researcher was quoted as saying".