Application Security , Next-Generation Technologies & Secure Development

Researchers Jailbreak iOS 14.3

Tool Enables Loading of Unofficial Apps
Researchers Jailbreak iOS 14.3

A team of security researchers has released a new jailbreak for iOS 14.3 and previous versions that enables users to install and tweak unofficial apps outside Apple’s security protections.

See Also: Live Webinar | Software Security: Prescriptive vs. Descriptive

Jailbreaking iPhones involves circumventing security imposed by Apple and carriers such as AT&T to enable installation of apps not sold on Apple's App Store.

The unc0ver.dev researchers who released the jailbreak procedure note that it exploits the flaw CVE-2021-1782, which affects iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch. Apple recently issued a patch for the flaw.

In January, Apple noted that CVE-2021-1782 is one of the three vulnerabilities in iOS 14.4 and iPadOS 14.4 that hackers were exploiting. The vulnerabilities can enable hackers to elevate privileges using malicious applications.

Apple did not immediately respond to Information Security Media Group's request for comment.

"By targeting CVE-2021-1782, hackers can obtain access deep into the underlying operating system," says Chris Hauk, consumer privacy champion at U.K.-based security firm Pixel Privacy. "Luckily, Apple fixed the bug in iOS 14.4 [with a patch] released last month. The flaw can allow a malicious iOS app to gain additional privileges over the device. This could be used to install malware on an iOS device."

Earlier, the same set of security researchers released a tool for jailbreaking the operating systems iOS 11 to iOS 13.5, which took advantage of a flaw patched by Apple last year.

In 2019, Apple patched another flaw, which it accidentally reintroduced on iOS 12.2 and some prior versions of the operation system. That flaw also enabled iOS enthusiasts to jailbreak their devices (see: Apple Patches Reintroduced Flaw That Enabled Jailbreaking).

Bug Bounty Program

Apple has been trying to get researchers to report flaws directly and quietly through its bug bounty program that pays researchers for the type of information that could be used for a jailbreak. Apple dramatically increased the payouts on offer in August 2019 and began allowing anyone to participate (see: Apple Expands Bug Bounty; Raises Max Reward to $1 Million).

"It is a constant game of electronic cat and mouse between Apple and hackers (including jailbreakers). As new exploits are discovered by hackers and jailbreak enthusiasts, Apple scrambles to plug the security holes," Hauk says. "While I don't recommend jailbreaking an iOS device, as it leaves a user open to attacks and hacks that they would usually not need to worry about, I will admit that the jailbreaking scene has a nice side effect when it comes to security, as Apple uses information from the jailbreak scene to improve the security on their devices."


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent

Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.