Researchers Jailbreak iOS 14.3
Tool Enables Loading of Unofficial Apps
A team of security researchers has released a new jailbreak for iOS 14.3 and previous versions that enables users to install and tweak unofficial apps outside Apple’s security protections.
Jailbreaking iPhones involves circumventing security imposed by Apple and carriers such as AT&T to enable installation of apps not sold on Apple's App Store.
The unc0ver.dev researchers who released the jailbreak procedure note that it exploits the flaw CVE-2021-1782, which affects iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch. Apple recently issued a patch for the flaw.
In January, Apple noted that CVE-2021-1782 is one of the three vulnerabilities fixed in iOS 14.4 and iPadOS 14.4 that hackers were exploiting. The vulnerabilities can enable hackers to elevate privileges using malicious applications.
"We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability." — @Pwn20wnd (@Pwn20wnd) February 25, 2021
Apple did not immediately respond to Information Security Media Group's request for comment.
"By targeting CVE-2021-1782, hackers can obtain access deep into the underlying operating system," says Chris Hauk, consumer privacy champion at U.K.-based security firm Pixel Privacy. "Luckily, Apple fixed the bug in iOS 14.4 [with a patch] released last month. The flaw can allow a malicious iOS app to gain additional privileges over the device. This could be used to install malware on an iOS device."
Earlier, the same set of security researchers released a tool for jailbreaking the operating systems iOS 11 to iOS 13.5, which took advantage of a flaw patched by Apple last year.
In 2019, Apple patched another flaw, which it accidentally reintroduced on iOS 12.2 and some prior versions of the operating system. That flaw also enabled iOS enthusiasts to jailbreak their devices (see: Apple Patches Reintroduced Flaw That Enabled Jailbreaking).
Bug Bounty Program
Apple has been trying to get researchers to report flaws directly and quietly through its bug bounty program that pays researchers for the type of information that could be used for a jailbreak. Apple dramatically increased the payouts on offer in August 2019 and began allowing anyone to participate (see: Apple Expands Bug Bounty; Raises Max Reward to $1 Million).
"It is a constant game of electronic cat and mouse between Apple and hackers (including jailbreakers). As new exploits are discovered by hackers and jailbreak enthusiasts, Apple scrambles to plug the security holes," Hauk says. "While I don't recommend jailbreaking an iOS device, as it leaves a user open to attacks and hacks that they would usually not need to worry about, I will admit that the jailbreaking scene has a nice side effect when it comes to security, as Apple uses information from the jailbreak scene to improve the security on their devices."