Firmware

Tihmstar opts not to release standalone exploit, instead says “something cool coming”

There was no shortage of exciting jailbreak-centric news this past week, but perhaps the most captivating tidbit of all was the announcement that tihmstar was tinkering with an exploit that could hack a subset of devices running iOS 11.2.6-11.4.1 – specifically those with headphone jacks.

It didn’t take long after the initial announcement for tihmstar to share that he had achieved tfp0, which permits arbitrary reads and writes to a device’s kernel memory. On the other hand, a pair of Tweets shared just this weekend shed new light on the hacker’s intentions involving said exploit:

Tihmstar is tinkering with an exploit for iOS 11.4-11.4.1 devices, but there are caveats

If you’ve been waiting patiently on iOS 11.4-11.4.1 for a jailbreak to surface, then you might be in for a treat. Hacking guru tihmstar appears to be tinkering with an exploit that supports these firmware versions, at least on specific devices.

A Tweet shared by tihmstar Tuesday evening notes that the exploit in question supports iOS versions up to 11.4.1; however, it also relies on the headphone jack. This caveat means that some devices, like those powered by Apple’s A10 and A11 chips, aren’t supported:

Apple stopped signing iOS 12.1 yesterday, but you can still downgrade to iOS 12.1 beta 2

On Tuesday, Apple stopped signing the iOS 12.1 public release, preventing downgrades from iOS 12.1.1 or 12.1.2, which patched a variety of bugs and exploits that could potentially amount to something in the jailbreak community down the road.

According to a Tweet shared this morning by hacker and unc0ver lead developer Pwn20wnd, Apple is curiously still signing iOS 12.1 beta 2, which means you could downgrade to iOS 12.1 beta 2 via iTunes if you tried:

Apple stops signing iOS 12.1, preventing firmware downgrades via iTunes

Apple officially closed the signing window for iOS 12.1 on Tuesday, a move that prevents all iPhone and iPad users from downgrading their handset’s firmware via iTunes to any version lower than iOS 12.1.1.

Apple released iOS 12.1.1 just under two weeks ago and followed up with iOS 12.1.2 yesterday afternoon, so it’s not very surprising that the company is halting downgrades to iOS 12.1. It’s somewhat typical for Apple to stop signing an older firmware version about two weeks after an update is released.

Security researcher Jann Horn publishes a privilege escalation bug that was fixed in iOS 12.1.1

Given everything that’s been happening in the security research space lately, iOS 12 appears to be far from non-exploitable. In fact, bugs, exploits, and vulnerabilities for Apple’s latest and greatest operating system just keep rolling in with each passing day, and this could potentially be great news for the jailbreak community.

The latest of such occurrences involves a privilege escalation bug for iOS 12.1 and earlier by Jann Horn of Google Project Zero. The security researcher published his notes online regarding the bug Monday afternoon, just five days after Apple publicly released iOS 12.1.1 to patch the bug, along with several others.

Linus Henze releases Safari-centric exploit targeting iOS 12.1 and earlier

It was only a few days ago that we learned about a sandbox escape PoC for iOS 12.0-12.0.1, and while it was just a proof of concept, there’s always the potential that a talented hacker could make use of it for future endeavors; perhaps even jailbreak development.

Fortunately, that’s not the only iOS 12-centric vulnerability floating around in the wild these days. As it would seem, a Safari-based exploit targeting iOS 12.1 and below (and macOS 10.14.1 and below) was also released this week by iOS tinkerer Linus Henze.

Apple stops signing iOS 12.0.1, hindering downgrades from iOS 12.1

Apple stopped signing iOS 12.0.1 on Tuesday, a move that prevents all iPhone and iPad users from downgrading their firmware via iTunes to any version lower than iOS 12.1.

It’s been almost one full month since Apple publicly released iOS 12.1, signaling one of the Cupertino-based company’s longest firmware signing windows in recent memory; most windows only last for about two weeks.

Hackers demonstrate 0-day exploit on iOS 12.1 at recent Tokyo-based Pwn2Own contest

Despite the absurd amounts of time and money that Apple pours into security efforts to make iOS one of the most secure mobile operating systems available today, it seems that even iOS 12.1, the latest publicly-available firmware version on the iPhone and iPad, isn’t entirely hack-proof.

At the recent Pwn2Own contest in Tokyo, Richard Zhu and Amat Cama, a duo of white hat hackers, reportedly used a powerful Safari-based 0-day exploit to recover a photograph that was recently deleted from an iPhone X’s native Photos app.

Last chance to downgrade to iOS 12.0.1 for potential jailbreakability

Apple officially released iOS 12.1 to the public last week, and if history is anything to go by, then that means the Cupertino-based tech giant will soon close the gates for downgrades to iOS 12.0.1 via iTunes.

Apple generally closes the signing window for older firmware approximately 14 days after a new version is released, give or take a day. That said, if you’ve been thinking about downgrading back to iOS 12.0.1, then you should probably get a move on.

KeenLab teases jailbroken iPhone XS Max on iOS 12.1

Every time Apple releases a major new software update for its iOS device lineup, it seems like the talented security researchers over at KeenLab are the first to jailbreak it.

KeenLab was the first to demonstrate a proof-of-concept jailbreak on iOS 12.0 in June and iOS 11.3.1 in April, but now it seems the security firm has found a way into Apple’s iOS 12.1 update, which was only released last week.

Pwn20wnd releases unc0ver V1.1.2 to improve exploit success rates

Pwn20wnd’s unc0ver jailbreak tool for iOS 11.0-11.4 beta 3 received a notable update on Sunday with improved success rates for both the Empty_List (VFS) and Multi_Path (MPTCP) exploits that it utilizes to pwn Apple handsets.

Pwn20wnd announced the updated version of unc0ver via his Twitter account, which came just hours after unc0ver V1.1.1: