Hackers Release a New Jailbreak Tool For Almost Every iPhone

An iPhone hacking team has released a new jailbreak tool for almost every iPhone, including the most recent models, by using the same vulnerability that Apple last month said was under active attack by hackers. TechCrunch reports: The Unc0ver team released its latest jailbreak this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which Apple released in December. In a tweet, the jailbreak group said it used its âoeown exploitâ for CVE-2021-1782, a kernel vulnerability that Apple said was one of three flaws that "may have been actively exploited" by hackers. By targeting the kernel, the hackers are able to get deep hooks into the underlying operating system.

Apple fixed the vulnerability in iOS 14.4, released last month, which also prevents the jailbreak from working on later versions. It was a rare admission that the iPhone was under active attack by hackers, but the company declined to say who the hackers were and who they were targeting. Apple also granted anonymity to the researcher who submitted the bug.

This is a DMCA violation.

[Anonymous Coward]

I shall be reporting this egregious attack on the sacred devices used by Glorious iPhone Master Race IMMEDIATELY to Tim Apple, then the correct authorities.

Re:

[Powercntrl]

Not to mention, 14.4 fixed two very obnoxious bugs IMHO. It now correctly identifies my BT car radio as not being a pair of headphones and no longer forcibly turns down the volume of my music. It also now finally obeys the option to disable “optimized battery charging”. In a nutshell, it meant if you don’t live by a fixed sleep schedule (such as if you’re self employed and set your own hours), you might grab a partially charged phone on your “early” work days.

Can

Re:

[arglebargle_xiv]

Not to mention, 14.4 fixed two very obnoxious bugs IMHO. It now correctly identifies my BT car radio as not being a pair of headphones

Have they fixed the bug where it mistakes your wife for a hat?

Re:

[mcswell]

Yes, Dr. Sacks, but it still thinks I'm a bigamist because I have several hats.

Security

[phantomfive]

Apple's security approach is far behind the Android approach. Apple is barely getting the idea of jails, even though they've been in FreeBSD for almost two decades. Android has been isolating apps for a while.

Re:

[Vomitgod]

which means - going by market share - Android

Re:

[drinkypoo]

One thing doesn't follow the other, although both are generally true.

For one thing, Android is wildly more popular than Apple; not only in mobiles where Android has over 70%, in tablets where Android leads with over 60%, or even in laptops where e.g. Chromebooks outsold Macbooks in 2020, but also in all kinds of [mostly lower-end] spaces where Apple doesn't even participate, like car stereo head units. Google presumably isn't even making any money whatsoever off of most of those devices, and precious little

Re:

[phantomfive]

People whine about the security of Windows

To be fair there was a lot of good reason to whine about the security of Windows.

Re:

[phantomfive]

Sure, for years Windows was by the far the biggest client operating system for personal and professional computing so it was always the most prominant target, it wasn't necessarily that Windows was insecure

It wasn't that Windows was insecure, it was just that they had a bunch of insecure services installed by default accessible by the world, had a security framework designed for computers that weren't networked, and wrote in raw C (or C++) that didn't use best security practices.

Other than that, you know, they were secure.

Installation steps (Linux)

[hcs_$reboot]

I'm always a bit reluctant to execute the step 7., "Enter your Apple ID and password".

Re:

[hcs_$reboot]

Need a (paying) developer account.

Re:

[angel'o'sphere]

Apple id has nothing to do with a developer account.

Re:

[hcs_$reboot]

On Linux, to use the hack you must have a dev account, which is kinked to your Apple ID.

Re:

[hcs_$reboot]

*linked

Re:

[angel'o'sphere]

I think I lost somewhere the trail.

For what hack do you need a developer account?

And what prevents you to have an Apple ID/iCloud ID separated from your personal Apple ID?

Re:

[hcs_$reboot]

https://unc0ver.dev/ [unc0ver.dev] For Linux "Note: This method requires an Apple developer account"

"... was under active attack by hackers..."

[magusxxx]

For a long time Apple has used this term which really means, "We're solely talking about jailbreakers and not people doing anything really malicious."

Years ago Apple actually put out a quick "update" to patch nothing more than a new jailbreak which was released less than two weeks earlier.

Re:

[bill_mcgonigle]

> Years ago Apple actually put out a quick "update" to patch nothing more than a new jailbreak which was released less than two weeks earlier.

The more you tighten your grip, Tarkin, the more starsystems will slip through your fingers.

Hm

[fluffernutter]

Now that I have a choice, I may just consider buying an iPhone for the first time in my life.

Re:Hm

[drinkypoo]

You have a choice between buying an iOS device, jailbreaking it, and then Apple updating the OS and leaving you behind; or buying an unlockable Android device, unlocking the bootloader, and installing something AOSP-based like LineageOS and not only having an upgrade plan, but also weekly OTAs for many platforms. (I get them on my Moto X4.) Which, mind you, you can download and install or not.

Is that really even a choice?