New security updates overtake jailbreak advantages.

There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated.  Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority.  This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors.   Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.

I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think i am going hate seeing the home bar again the most.

* web pages are often sandboxed separately from the app itself. Some might argue that a webpage would first have to escape the sandbox before it could escalate privileges. this is true, but i would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen webkit fixes in this update.

Updates keep the SSL boogiemen at bay.

all the ssl blacklists are updates. we can return to thinking we are safe. Apple included the patches in a Security Update, Firefox updated to 6.0.2. Jailbroken iOS users can update or install “sslfix” in Cydia to get the protections that apple has yet to release.

After watching Moxie’s BlackHat talk, we seriously need to fix SSL. It is holding up too many technologies to be this insecure.