New 'unc0ver' tool can jailbreak all iPhone models running iOS 11.0 - 14.3

pablozi

A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild.

The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.

Tracked as CVE-2021-1782, the flaw is a privilege escalation vulnerability in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges.

"We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability," Pwn20wnd said in a separate tweet.

The vulnerability has since been addressed by Apple as part of its iOS and iPadOS 14.4 updates released on January 26, 2021, but not before admitting that the issue may have been under active attack by bad actors.

The iPhone maker, however, did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.

Jailbreaking, similar to rooting on Google's Android, involves a privilege escalation that works by exploiting flaws in iOS to grant users root access and full control over their devices. In doing so, it allows iOS users to remove software restrictions imposed by Apple, thereby allowing access to additional customization and otherwise prohibited apps.

For its part, Apple has steadily made it difficult to jailbreak devices by locking down its hardware and software for security reasons, which it says helps counter malware attacks.

Zimperium CEO Zuk Avraham said the jailbreak is "yet another example that attackers have an edge on iOS vs. defenders," adding "[Apple] needs to stop the need to jailbreak the device in the first place and should just enable users to have full access without a need to run an exploit."

Last May, the unc0ver team released a similar jailbreak for iPhones running iOS 11 to iOS 13.5 by exploiting a memory consumption issue in the kernel (CVE-2020-9859). But it was patched by Apple in a matter of days with the release of iOS 13.5.1 to prevent the vulnerability from being exploited maliciously.
Source: New 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3
 

ForgottenSeer 85179

> Zimperium CEO Zuk Avraham said the jailbreak is "yet another example that attackers have an edge on iOS vs. defenders," adding "[Apple] needs to stop the need to jailbreak the device in the first place and should just enable users to have full access without a need to run an exploit."

Highly disagree and that's not how security works.

Apple does great work for user security and privacy. It wouldn't make sense to allow jailbreaking, which breaks whole system security and also privacy.

In the past I followed Zimperium news, but after this post I will stop.
 

pablozi

> Highly disagree and that's not how security works.
>
> Apple does great work for user security and privacy. It wouldn't make sense to allow jailbreaking, which breaks whole system security and also privacy.
>
> In the past I followed Zimperium news, but after this post I will stop.

I fully agree with you on this; however, if there are people who like this kind of stuff and it's their choice to sacrifice security and privacy for customization, then they are free to go for it.
I just don't get the point of buying Apple devices in that case because Android gives more choice in terms of customization without the need of putting yourself at risk.
 

ForgottenSeer 85179

> I fully agree with you on this; however, if there are people who like this kind of stuff and it's their choice to sacrifice security and privacy for customization, then they are free to go for it.
> I just don't get the point of buying Apple devices in that case because Android gives more choice in terms of customization without the need of putting yourself at risk.

Well, root on Android breaks the whole system security (and also privacy) too and is maybe even a bigger risk than on iOS.

The only difference is that it's easier and better known on different "experts"/"tuning"/"hacking" sites, as Android is better for customisation.
 

pablozi

> Well, root on Android breaks the whole system security (and also privacy) too and is maybe even a bigger risk than on iOS.
>
> The only difference is that it's easier and better known on different "experts"/"tuning"/"hacking" sites, as Android is better for customisation.

What I meant was that you don’t need to root Android to customize it.
 
