New 'unc0ver' Tool Jailbreaks All iPhones Running iOS 11.0-14.3, Exposes Vulnerability

New ‘unc0ver’ Tool Jailbreaks All iPhones Running iOS 11.0-14.3, Exposes Vulnerability

An update to a well-known jailbreaking tool called “unc0ver” supports iOS 14.3 and earlier which means one can unlock almost any iPhone model. The tool uses kernel vulnerabilities, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.

Apple knows about these vulnerabilities and, in fact, it reported in January that they are actively exploited in the wild.

Jailbreaking is a popular way to walk around the manufacturer’s limitation set for the device. Similar to rooting on Android, it involves a privilege escalation that exploits flaws in iOS and grants users root access. This basically means that one can have the freedom to do whatever they want with their iOS device like perform additional customizations and install prohibited apps.

The latest unc0ver v6.0.0 release appeared on Sunday with added compatibilities to jailbreak any device running iOS 11.0 – iOS 14.3 using a known vulnerability.

One flaw, tracked as CVE-2021-1782, was a privilege escalation vulnerability in the kernel that can allow a malicious application to elevate its privileges.

“We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability,” Pwn20wnd said in a tweet confirming that “unc0ver” successfully abuses known vulnerabilities.

The vulnerability has since been patched by Apple in iOS and iPadOS 14.4 updates on January 26, 2021. The company admitted that iPhones might have been hit by attacks before the patch. Apple did not say how widespread the attack was or who the attackers have been.

Apple has been working to make it difficult to jailbreak its devices in order to counter malware attacks, the company says. And it’s true that the vulnerabilities can be exploited by bad actors using a jailbreaker tool like “unc0ver.”

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.