Jailbreaking threat made possible to all iPhone models under risk as a vulnerability that Apple already been fixed.
Threat actors has updated a jailbreaking tool which allows to break through Apple’s security controls.
Where, Jailbreaking refers to privilege escalation on an Apple device to remove software restrictions imposed by Apple on:
- also, audioOS operating systems.
Typically it is done through a series of kernel patches.
However, On Sunday, a popular jailbreaking tool “unc0ver” with updated version v6.0.0, making it possible to unlock every(almost) iPhone models.
In addition, the compatibility expanded to jailbreak any device running
- iOS 11.0 through iOS 14.3
using a kernel vulnerability, including:
- iOS 12.4.9-12.5.1
- iOS 13.5.1-13.7
- also, iOS 14.0-14.3.
The flaw is a privilege escalation vulnerability in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges.
In addition, the vulnerability actively exploited in the wild on:
- also, watchOS
However, successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application.
Also, an attacker gaining the same privileges as:
- the logged-on user
- or the bypassing of security restrictions
Pwn20wnd Own Exploit
“We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability,” Pwn20wnd said in a separate tweet.
Certainly, Apple has been one step ahead and has already fixed the vulnerability that’s used by the new jailbreak tool.
But, Apple did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.
On the other hand, Zimperium CEO Zuk Avraham stated: