Thank you @pwn20wnd and @sbingner for unc0ver 5.0!
Tag: ios
New security updates overtake jailbreak advantages.
There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated. Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority. This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors. Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.
I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think I am going to hate seeing the home bar again the most.
* Web pages are often sandboxed separately from the app itself. Some might argue that a webpage would first have to escape the sandbox before it could escalate privileges. This is true, but I would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen WebKit fixes in this update.
Time to update your iOS devices again!
Yesterday, Apple patched a frightening code execution bug. The attack works over Wi-Fi, so that means it’s time to update your mobile devices again. Read Google’s post; their team discovered it.
Playing with screenshots & Snapchat
Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone. I was bored and playing with Forest when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long. It took me less than 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak). Honestly, I find this kind of thing a lot in applications not designed specifically for security. Non-authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security. Kinda like client-side authentication: sure, there is a reason for it, but that doesn’t make it a good idea. I am certainly not the only one to figure this out. It seems that the basics of this method have been known for at least a year.
UPDATE (6-15-16): Tested again with newest Snapchat app. Still working.
Amazing timing. I just got that. . .
For the past few days, I have been gathering the pieces for a project I finally started tonight. The strange part is that until tonight, I didn’t know that I’d be on this project. It involves an old iOS device, custom payloads, older Mac OS and especially old Xcode. It is as if it touched on everything I had been blogging about this week. Nothing new. Just stuff I was letting myself forget. None of it works with any of the newer devices (explains all the old code). It also involved finding my old methods or rediscovering them. When I’m done, I will pack it up nicely, document it thoroughly and hopefully never have to redo this part of the work again. Thanks for the much needed distraction, now back to work. (The gif above is from a very early payload from 2010 with much help from eric.)
iPhone takes another dump!
This morning I woke to see that I hadn’t plugged in my phone overnight. I plugged it in and continued to prepare my breakfast. I returned to find the boot screen staring ominously at me. It never booted. So much for my jailbreak. I tried a few things (force restart, safe mode, no luck). Oddly enough, my watch was still receiving txt messages (no other iMessage client was working at that time). Now I am restoring to last year. (lol – it’s only 2 weeks old)
Great work Pangu! Jailbreak 9-9.0.2!
Once again, Chinese team Pangu drops a public iOS jailbreak for all the devices presently released, including the new iPhone 6s/+. The usual warning applies about backing up your devices, and most of the software on Cydia must be updated to work with the OS. We know that 9.1 is already in the pipe. I hope no unnecessary bugs were burned. TaiG did amazing work in iOS 8 to ensure that their bugs were released at the perfect time for maximum effect and user elation.
Only a Windows app presently. My Windows virtual machine decided to implode this morning, so I used my gaming PC to get it done. (My new Windows VM is still updating.)
I was successful jailbreaking my iPhone 6s+ that had been OTA updated to iOS 9.0.2. Strangely, I received no confirmation screen upon success. Pangu recommends restoring your device directly to 9.0.2 instead of using the update feature on your device.
Apple announces small changes that signify an exciting direction!
Apple’s big announcement today turned out to be more small enhancements that add up to exciting developments. First off the rundown, iPhone 6s/6s Plus hits stores the 25th. Faster, better camera, haptic feedback, force touch, and rose gold. New iPad Pro with 2732-by-2048 12.9″ screen, a keyboard case, and a stylus! Hits stores November. (Also a new iPad Mini.) The Apple TV got a complete rebuild with amazing looking features, but no delivery date. Also some new Watch styles and bands or whatever.