iPhone hacking team renewed the jailbreak tool that can unlock even the latest models running 13.5 iOS versions
The team that develops unc0ver jailbreaking tool released the new 5.0.0 version of the software that unlocks every single iPhone. Developers call these tools the first zero-day jailbreak released since iOS 8 version. Jailbreaking is the privilege escalation that word by exploiting bugs in the operating system to get root access and full control of the device.
There is no particular information about the vulnerability that gets exploited to develop this version, but the extensive testing from the developers ensure compatibility with a range of iOS versions. This bug can be used on iPhone 5S to the iPhone 11 Pro Max models and affect all versions from 11.0 to 13.5. The only exclusions are 12.3, 12.3.2, 12.4.2, and 12.4.5.
The new zero-day tool can impact every iPhone released since 2013. It means that alt least 900 million iPhones actively used at the moment can be vulnerable to other attacks. The jailbreaker can hide all traces of its access into the iOS core code and run behind the iOS or iPadOS security. It is not expected to get a fix for the bug anytime soon since.
Jailbreaking opens the door to all kinds of malware attacks
This process allows iOS users to remove various software restrictions, so access to additional customization and prohibited applications is allowed. Unfortunately, these operations significantly weaken the security of the machine and open the possibility for various malware infiltration. There are many people who want to use all the software that is restricted to security, as Apple states.
Jailbreaks can be exceptionally specific and use previously exploited vulnerabilities, so the severity of the attack depends on the iPhone model and particular iOS version. It can ensure the attacker that the exploit is successfully replicated. This jailbreaker may last long, but not forever, since Apple is working on patches for the possible issues. The hacker team believes that they have at least three weeks before anything can get patched, especially when the interest in this hacking tool broke the website due to the traffic.
Apple denies that hackers exploited any critical flaws
This incident comes out at the worst time for Apple because other vulnerabilities were exposed. iOS mail vulnerability that affected every iPhone ever released was reported by ZecOps. These flaws were actively used to target users and mail clients, so hackers may have possibly stolen sensitive information. The Apple company still managed to claim that the existence of vulnerabilities created no danger for customers.
The broker for exploits stated last week that there are too many iPhone RCE vulnerabilities, so Zerodium will no longer buy those for at least a few months. The same Pwn20wnd hacker that is behind the newest jailbreaker had exploited SockPuppet flaw that made headlines for being the first time when up-to-date firmware was unlocked in the past few years.
While there are no jailbreaker reports that could state particular flaws exposed by unc0ver, Apple needs to find a way to patch the issue and release the security update as soon as possible. In the meantime, Unc0ver 5.0.0 can be installed from the official website and run from iOS, MacOS, Linux, or Windows devices.