News tagged ‘exploit’

Famous hacker I0n1c has just announced the successful jailbreak of iOS 5.1 on the iPad 2. He posted several prove pictures on Twitter.

No details yet, no dates for utilities and etc. No info whether this is jailbreak is untethered or not.

Read the rest of this entry »

Gevey has announced the Gevey Ultra S SIM interposer which unlocks iPhone 4S without the need for dialing 112 or jailbreaking. The makers claim to be using a new exploit that 'fully unlocks' the device.

Pre-Order ONLY (Shipping ETA Between March 3-March 7)

GEVEY Ultra S for GSM iPhone 4S

• No Need to Dial International Emergency Number 112
• Untethered Unlock with no Jailbreak Required
• Compatible with all GSM iPhone 4S SIM Cards (Does not work on CDMA iPhone)
• Complete Unlock with all 2G and 3G data services
• No SIM Card Cutting or Physical Modifications
• Works on iOS 5.0, 5.0.1
• Works on Baseband 1.0.11, 1.013, 1.0.14
• Guaranteed Better Reception than Previous
• Decreased Power Consumption

Gevey Ultra S is available for $54.99 here.

Take a look at video demonstration:

Read the rest of this entry »

Yesterday the iPad had been pulled from sale at online retailers Amazon China and Suning.com. The Wall Street Journal now reports that the iPad had been removed at Apple's request rather than as a result of actions associated with the trademark dispute, but Apple's reasons for the request were unknown. However, Apple may request that Amazon China remove the iPad from sale, simply due to Amazon China not being an officially authorized retailer.

The Cupertino, Calif., consumer electronics giant asked Amazon in China to stop selling iPads because it is not an authorized reseller, according to people familiar with the matter. Amazon has since removed iPads offered by other resellers on its Chinese website as well.

Read the rest of this entry »

Swagg Security hacking group announced this week that they managed to hack Foxconn servers that expose usernames and passwords for clients and employees. Such information could be used to place fraudulent orders for companies like Apple and Microsoft.

Swagg Security alleged that it had bypassed Foxconn's firewall "almost flawlessly." Using several hacking techniques and a couple of days time, the hackers reportedly dumped "most of everything of significance," including usernames and passwords. According to the group, the leaked passwords "could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel, and Dell."

Read the rest of this entry »

iH8sn0w has released new version of popular jailbreak utility Sn0wBreeze 2.9. Sn0wbreeze is used to create a custom firmware with jailbreak and preserve iPhone modem (baseband) version for unlock. New version 2.9 adds support for untethered iOS 5.0.1 jailbreak as well as support for all firmwares supported by previous versions of sn0wbreeze.

For now Sn0wBreeze 2.9 supports untethered jailbreak for iOS 3.1.3, 3.2.x, 4.0.x, 4.1, 4.2.1 - 4.2.8, 4.3 - 4.3.3 and 5.0.1. Supported devices are: iPhone 2G, iPhone 3G, iPhone 3GS, iPhone 4, iPad 1, iPod Touch 2G, iPod Touch 3G, iPod Touch 4G.

Read the rest of this entry »

It looks like iPad 2 and iPhone 4S untethered jailbreak will truly be a team effort. Recently another hacker Saurik joined the team and made "some major contributions" yesterday.

Last week Pod2g announced that Planetbeing, MuscleNerd, and P0sixninja joined his effort to release an untethered iOS 5.0.1 jailbreak of the iPhone 4S and iPad 2 (A5 CPU devices).

Today, MuscleNerd noted that the team has received some major contributions from saurik:

Read the rest of this entry »

Pod2g has recently announced that Planetbeing, MuscleNerd, and P0sixninja have joined his effort to release an iOS 5.0.1 untethered jailbreak for the iPhone 4S and iPad 2.

@planetbeing, the legendary hacker behind iPhone Linux and lot of jailbreaks has joined the A5 research! The famous @MuscleNerd, the leader of the iPhone Dev Team, who did a lot of tests for Corona and whom integrated it and made it simple in redsn0w is willing to help also. And last, but not least @p0sixninja, the leader of the Chronic Dev Team, and my partner for years on iPhone security research has started to code and fuzz the Apple sandbox.

That means that we now have a dream team to create a public release of the A5 jailbreak.

Read the rest of this entry »

iPhone Dev-Team released RedSn0w 0.9.9b9 with full iOS 5.0.1 support (no need to point to iOS 5.0 any more). New version also features support for SHSH and APTickets:

• native support for 5.0.1 (no need to point redsn0w at 5.0 IPSW or use command-line args).  Support automatically extends to all of redsn0w’s various functions: “Jailbreak”, “Just boot”, “Fetch blobs”, “Stitch blobs”, “Recovery Fix”
• iBooks fixed in 5.0 and 5.0.1.  This is a targeted fix that doesn’t remove entire sandbox mechanism.  5.x users already using redsn0w “Just Boot” can just use the new version without redoing entire jailbreak again
• 3GS old-bootrom owners can now create custom IPSWs without blobs
• ultrasn0w compatability update (i.e. same baseband requirements) for 5.0.1 will be available on Cydia Monday
• support for newer 8GB iPhone4 (which until now had problems with “Fetch blobs”).  Thanks to @JKjeepnJeff for loaning us one of these newer i4 units for testing!
• allows Windows users (not just OS X users) to use the “Custom” button to create IPSWs without baseband updates.  (Update: please wait for 0.9.9b9b for this!)
• accommodates APTickets in 5.x (until next Apple countermove).  APTickets are crypto-verified before submitting to Cydia, just like the main blobs.  Cydia server support for sending back the APTickets is upcoming.  For now, use stitched IPSWs for 5.x.  Due to APTickets, stitched 5.x IPSWs now require user to start in “Pwned DFU” mode
• Support added for stitching 4.x blobs to iPad2-GSM IPSWs.  Similar to @notcom’s TinyCFW but doesn’t require lots of RAM or a TSS-assisted restore. Won’t work for iPad2 5.x blobs (or iPhone4S at all) until a bootrom-level exploit is out
• top line now shows whether (and where) a redsn0w update is available, or if the version being run is the latest.  Uses DNS TXT record to alleviate any concerns about snooping
• no 5.1 beta support at this time (major apps like Cydia are not yet compatible)
• @pod2g has been doing a great job porting his 5.x untether…check his blog for updates!
• Owners of newer 3GS iPhones must not flash the iPad baseband.  The iPad baseband will not work on 3GS iPhones built later than 2011 week 35.  You have a week 35 or later device if your serial # starts with xx135.

Update #17b: Version 0.9.9b9b enables the “Custom” button for Windows users, and make the 3GS week 35 warning a more explicit part of the process.

You can download RedSn0w 0.9.9b9b here.

UPDATE: redsn0w updated to redsn0w 0.9.9b9d.

Read the rest of this entry »

Chronic Dev Team is almost done with a much anticipated untethered jailbreak for iOS 5 and iOS 5.0.1. Team member and French hacker pod2g just released a video showing off the jailbreak. It looks to be near-complete and functioning properly. Take a look:

pod2g even created a blog, where he plans to post the most recent news about his progress:

Read the rest of this entry »

The Chronic Dev-Team has released CDevReporter, their new tool that lets you help find jailbreak vulnerabilities, for Windows.

You can download the Mac and Windows versions of CDevReporter here:

• cdev_reporter-mac-1.0_beta.zip
• cdev_reporter-win-1.0_beta.zip

More information is available in our recent post "Want untethered iOS 5 jailbreak? Help hackers to find new exploits!".

Semi-tethered jailbreak is already available for some devices for both iOS 5 and iOS 5.0.1. But we all want untethered jailbreak and we want jailbreak for iPad 2 and iPhone 4S. So why not help hackers to find new exploits and vulnerabilities?

The Chronic Dev-Team has a released a tool to collect crash reports from iOS devices in order to find vulnerabilities that could lead to an untethered jailbreak.

The idea is very simple. When your iPhone, iPad or iPod Touch crashes it sends data to Apple (you can turn it this off though). Apple uses these reports to update iOS in the future. By the way, it also uses them to fix exploits found by jailbreakers. P0sixninja says that Apple closed several exploits they have found in IOS 5 beta before the final version of the software was released.

In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.

Read the rest of this entry »

A team of developers called Applidium has announced that they managed to investigate how Siri, exclusive service available on the iPhone 4S, talks to Apple servers. Applidium notes that iPhone 4S uses standard HTTPS network requests to communicate with Apple's servers, but sends data using an "ACE" command rather than regular web GET requests. Moreover, each Siri request involves a unique identifier based on UUID. Such identifier prevents access of unauthorized devices to Apple’s servers. User’s requests are compressed with the Speex audio codec optimized for VoIP. Applidium discovered that iPhone, to provide Siri’s voice recognition, should support at least Siri's basic voice recognition features, but Apple doesn’t plan to port such capabilities on earlier iOS 5 models.

So far, Applidium's investigation has revealed that Siri packages requests in compressed property lists, but further exploration of the protocol is hampered by a number of issues, including the complexity of requests, the fact that they are tied to a hardware key, and that they are subject to change.

Noteworthy, Apple could at any time stop supporting a particular hardware identifier, if it is suspected of being used to exploit its servers, and change way of data transmitting.

Applidium says "anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad!" But you will need a real unique user key of an actual iPhone 4S.

Apple has recently released iOS 5.0.1. It is still tethered jailbreakable. However if you want untethered jailbreak or unlock - you should stay away from 5.0.1

Earlier this week pod2g reported that a code signing bug found in iOS 5.0 will make it easier for hackers to develop a full jailbreak for iOS 5 firmware version. That bug might have been closed in iOS 5.0.1. UPDATE: According to pod2g the bug is still present, but harder to exploit because another exploit found by Charlie Miller is fixed in iOS 5.0.1.

Also, MuscleNerd via twitter has warned iOS users that there is no downgrade from iOS 5.0.1 to iOS 5.0 yet and he recommends to wait until downgrade mechanism is available.

Jailbreakers and unlockers should avoid today's 5.0.1 until a flow for downgrading to 5.0 is developed.

Downgrade flow needs to be modified for AP "nonce" http://is.gd/b3G0io ... saved SHSH blobs are not enough to downgrade to 5.0

Video where Miller demonstates this exploit

According to Forbes, security specialist Charlie Miller has found an exploit on iOS devices, which allows developers to put malware apps onto the App Store without detection. These malware apps can be used to steal user’s contacts, photo and other information, play a ringtone, make the device vibrate and more at any time the developer chooses.

Read the rest of this entry »

Hackers from the Chronic Dev Team recently announced that they have found 5 userland exploits in iOS 5. To us this means that it is very likely that an untethered jailbreak will be available for the upcoming firmware release.

P0sixninja made the announcement at MyGreatFest jailbreak conference held in London, England.

While this is a "record breaking number of exploits found", userland exploits can be easily fixed via a minor software update. The exploits are kept in secret, so hopefully Apple won't fix them before the expected iOS 5 launch next month.

The jailbreak is expected for all devices, including iPhone 3GS, iPhone 4, iPad, iPad 2, iPod Touch and even future iPhone 4S and iPhone 5.