Site icon The Cybersecurity Daily News

Jailbreaking Tool ‘unc0ver’ using kernel vulnerability iOS compatible

Jailbreaking tool

CyberDaily: Cybersecurity news

The well-known jailbreaking tool “unc0ver” has been revised in a version for iOS compatibility after Apple came forward with a vulnerability that was being exploited back in January.

The designated name of the version is unc0ver v6.0.0 and was released on the 28th of February. The jailbreaking tool has inflated its compatibility to jailbreak any iOS device running through the versions of iOS 11.0 to iOS 14.3.

According to the jailbreaking tool developers, unc0ver uses a kernel vulnerability in the iOS systems, including the iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.

What is a Jailbreaking tool?

In Apple devices, jailbreaking refers to privilege escalation on an Apple device to remove software restrictions imposed by Apple on several of their devices running iOS. 

A privilege escalation occurs when a bad actor gains access to the privileges of another user account in the target system, in this case, the Apple iOS.

Generally, jailbreaking tools are utilized by employing a series of kernel patches. When successfully integrated, A jailbreaking tool gives admin access within the OS and provides the capacity to install apps or software that may not be not available in the iOS App Store.

In unc0ver’s case, the jailbreaking tool will be making it possible to unlock almost every iPhone device running the specified versions using the kernel vulnerability.

Apple vulnerability used by the Jailbreaking tool:

The particular flaw or vulnerability disclosed by Apple is named the  CVE-2021-1782 and is detected as a privilege escalation vulnerability.

This vulnerability in the system kernel, which is how the jailbreaking tool deploys its functioning, is a consequence of a race condition that can result in malicious software or application hoisting their privileges. 

Apple on use of jailbreaking tool:

Developers of the unc0ver jailbreaking tool determine that they wrote their exploit based on the CVE-2021-1782 vulnerability for the tool to obtain superlative exploit speed and stability.

Apple has since addressed the vulnerability and had patched the bug in their iOS and iPadOS 14.4 updates released back in January.

However, Apple did not fail to mention that the vulnerability may have been under active attack by threat actors.

Details regarding the exact impact of the vulnerability or revelations of the identities of hackers exploiting it have not been published by Apple as of yet.

From Apple’s aspect, the organization has implemented intense measures for making it difficult to use jailbreaking tools on iOS devices by locking down its hardware and software for security reasons.

This helps to counter and evade the possibilities of malware attacks.

Back in May 2020, unc0ver had released a jailbreak for iPhones operating on iOS versions 11 to 13.5 by harnessing the memory consumption vulnerability in the system kernel.

However, Apple promptly patched the vulnerability and released the updated iOS 13.5.1 in a couple of days to forestall the malicious exploitation of the vulnerability. 

Exit mobile version