Cyber Security

New Jailbreak tool works on most iPhones

0

A popular jailbreaking tool named “unc0ver” has been updated to support iOS 14.3 and earlier releases which makes it possible to unlock every iPhone model that has a vulnerability which was disclosed by Apple in January.

According to the tool’s lead developer Pwn20wnd, the latest version of the tool called unc0ver v6.0.0 expanded its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.

The vulnerability that has been tracked as CVE-2021-1782, is a privilege escalation flaw in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges.

The developer stated that they have written their own exploit based on CVE-2021-1782 for unc0ver to achieve optimal exploit speed and stability.

The vulnerability was addressed by Apple as part of its iOS and iPad OS 14.4 updates released on January 26, 2021.

The tech giant has mentioned that the issue may have been under active attack by bad actors. However, they did not specify how widespread the attack was or reveal the identities of the attackers actively exploiting them.

Jailbreaking involves a privilege escalation that works by exploiting flaws in iOS to grant users root access and full control over their devices. By doing so, the iOS users can remove software restrictions imposed by Apple, thereby allowing access to additional customization and otherwise prohibited apps.

Due to security reasons, Apple has made it difficult to jailbreak devices by locking down its hardware and software.

Last year, the unc0ver team released a similar jailbreak for iPhones running iOS 11 to iOS 13.5 by exploiting a memory consumption issue in the kernel (CVE-2020-9859). However, it was patched by Apple within few days by releasing iOS 13.5.1 to prevent the vulnerability from being exploited maliciously.

Image Credits : 9to5mac

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Ecuador’s largest private bank and Ministry of Finance hacked

    Previous article

    European e-ticketing platform Ticketcounter confirms data breach

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *