iOS Jailbreaking Aficionados Get Access to 13.5 - With a 0Day
The group behind iOS
jailbreaking tool Unc0ver say they have found a zero-day vulnerability in the
kernel of iOS 13.5, exploited it and packaged it up into the tool to deliver
root access to all iPads and iPhones that operate on iOS 11 — released in late
2017 — or higher.
Jailbreaking is escalating privileges on an iOS operating
system with the aim of getting root access, and therefore complete control,
over the desired device. This lets security researchers conduct OS kernel
security research, hobbyists add bespoke features, and bad actors do their
worst.
(Some, as security firm Duo notes, do it simply as a matter
of “personal philosophy” including under the principle that if you own
something, you ought to be able to tinker with it).
Apple typically makes devices hard for researchers to access.
Debugging work requires using specialist cables and developer-fused iPhones
which can go for $2,000 and $20,000 respectively on the grey market. Apple is
suing Corellium, an iOS virtualisation provider, for breach of copyright.
Unc0ver say this is the first jailbreak tool featuring a
zero-day (previously unknown/unreported vulnerability) since 2015. On May 23
the hacker who uncovered the vulnerability, Pwn20wnd, part of the Unc0ver
team, said users had crashed its website in a hurry to get their hands on the
tool.
Other jailbreak tools use one-day exploits which, according
to Unc0ver, were either patched in the next beta version or in the hardware.
As this exploit is a zero-day, in that Apple found out about
the bug through the tool’s release, it may be a while before the vulnerability
is fixed.
It is normally advisable to proceed with caution when using
this sort of tool as it will leave the device open to malware. However, the
Unc0ver jailbreak “preserves security layers designed to protect your
information and your iOS device by adjusting them as necessary instead of
removing them” according to a statement released by the hacking team.
There has been a steady drumbeat of criticism building
around iOS security in recent months, with zero-day broker Zerodium’s CEO among
those making his views known in no uncertain language.
Just last month an unpatched “zero-click” vulnerability in
iOS’s email system was uncovered and exploited in the wild targeting high
profile individuals in Germany, Israel, Japan, the US and Saudi Arabia.
In August last year Google’s Project Zero and Threat Analysis
Group released research detailing five unique iOS exploit chains, using a
total of 14 vulnerabilities; seven for Safari, five for the kernel and two
sandbox escapes.
End user computing solutions engineer at VMware Adam
Matthews explained just how easy it is to use this tool in a blog post
yesterday:
“I have tested ‘Unc0ver’, it works on my iPhone 6s and
iPhone 7 and takes less than 10 minutes. Any person who wants to do this, has a
Mac and can follow some basic instructions will be able to do this”.
Businesses should be aware of the threats from jailbroken
devices — particularly given the WFH/BYOD environment — which allow users to
install tools/applications from unofficial app stores, etc. Many tools let CISOs
and their teams detect jailbroken devices and automatically un-enroll them.