Well, my day was canceled and my phone needs a rebuild, so it’s maintenance day! finally getting to some much needed upgrades That i have been putting off. please excuse the dust and potential outages.
There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated. Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority. This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors. Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.
I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think i am going hate seeing the home bar again the most.
* web pages are often sandboxed separately from the app itself. Some might argue that a webpage would first have to escape the sandbox before it could escalate privileges. this is true, but i would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen webkit fixes in this update.
A long time in the works, this is the first completely open source jailbreak to be released for an almost current version of iOS (11-12.1.2). This is an interesting jailbreak. It is semi-tethered, but unlike previous jailbreaks, this can at least be untethered from the device itself. Using Cydia Impactor, you can side load the unc0ver app and install the jailbreak directly from the app. it also allow the easy rejailbreak upon reboot or battery drain. Great work all around despite the remaining bugs and instability (it is still beta. Huge thanks to the efforts of @pwn20wnd and @sbingner). To be honest, there are very few tweaks and apps that are ready for iOS 12, but i am excited to see the tradition of jailbreaking continue. I have cydia again! For the first tine since I closed down my own cydia repo. C’mon developers, do you thing!
UPDATE: This problem was resolved in b38.
The fun “i️” i bug in iOS 11.1 on a 6s plus.
UPDATE: Fixed in iOS 11.1.1!
looking good with exciting new Control Center and loads of other features. my favorite is 5x sleep to disable touch ID (instantly and temporarily). I am looking forward to the new Augmented Reality features built into ARkit. I cannot wait to see what developers do with it.
There are a few sticky wickets (i.e. Apple changed the bluetooth and wifi toggle functionality in Control Center). For example, if you “turn off” wifi it actually just disassociates you from your current network leaving your wifi radio on and functioning. i don’t mind because i wanted exactly this feature. if you actually want to turn off a radio, you need to go to your Settings app or turn on Airplane mode.
Apple maps is stepping up their game with indoor maps of malls, airports and others allowing navigation without GPS or even a view of the sky. Easy trick to share your complex wifi password with other apple devices and of course native animated GIF support!
I’m at the Apple Store resolving an issue with my iPhone camera. The same camera Jitter that is already an extended replacement with Apple for the iPhone 6 Plus. No warranty left and no love for my 6s Plus. They wanted to charge me $80. After begrudgingly agreeing and waiting an hour for the repair. i returned to a phone with a completely non-functioning camera. whoops.
I hurriedly backed up my phone in preparation for Apple replacing it. I have now been here for 3 hours. I spent most of my time waiting for someone. Now waiting for activation of the new phone. Then waiting for restore. In all, my customer service experience was much worse then expected. After very helpful and accommodating internet support, I received absolutely terrible support from the Apple Store itself. When i asked to complain to a manager, the “Leader” they brought out was condescending and robotic in his rhetoric. The 2nd guy, was a lot more understanding, but Apple needs to take a hard look at their customer service.
In truth, I haven’t touched it in years. I haven’t even touched cydia recently. Sadly, all this work would only be useful for someone with an original or 3g iPhone. Apple certainly doesn’t support those devices anymore. Does anyone still use them? Unfortunately, my ISP insists that I remove the content. After 7 years of hosting it, they realized it violates TOS. I should check the logs. I wonder if it will even be missed. People say the internet never forgets. Sometimes it is quite the opposite. For nostalgias sake, I left the instructions site up: http://cydia.be3n.com/ (at least that does’t violate Dreamhost TOS). For the record, much of my work continued support well into iOS 4.
. . . Maybe it will rise again on S3?
Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone. I was bored and playing with Forest when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long. It took me less then 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak). Honestly I find this kind of thing in a lot in applications not designed specifically for security. Non authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security. Kinda like client side authentication, sure there is a reason for it, but that doesn’t make it a good idea. I am certainly not the only one to figure this out. It seems that the basics of this method have been known for at least a year.
UPDATE (6-15-16): Tested again with newest Snapchat app. still working.
I just got off a very strange call. Apparently, a complete stranger received a FaceTime request from me. “Butt Dial” right? no big deal. Not this time. At the time, i was in the middle of a FaceTime call with my dad. I am almost certain I know exactly when it happened because i noticed a call-waiting style interruption on our call. The first strange thing i noticed was that the incoming caller was my dad. The same dad, I was presently talking to. I rejected the call, thinking it was my dad accidentally calling from a different device. Then, moments later I get a mobile call from another LA number. This time from an irate husband demanding to know why I would FaceTime his wife. Unfortunately, I may have given them the wrong impression by asking questions of them. The IT guy inside me wanted to figure out what just happened. Needless to say, they didn’t enjoy being grilled. I barely had time to get out a few apologies, i don’t think they even realized that I hadn’t actually even called them. I did get some answers. They were not on a call at the time. They were not even on the device. My call history shows no outgoing calls save my dad. my dad’s history doesn’t show the missed call on my history from him. I am almost certain I will never know what actually happened. I am guessing that Apple FaceTime system might be a bit more duct tape and spit then we were lead to believe.