Macmobile OSMobilitySecurityWorkspace

iOS 6 Jailbreak Emerges As Apple Patches Mac OS X

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Google + Linkedin Subscribe to our newsletter 1 Comment

iPhone 5 users can finally upload non-approved software

A jailbreak has finally emerged for iOS 6, covering the latest release of the mobile operating system and the iPhone 5, whilst Apple has released a security update for another one of its major products. Mac OS X.

Hackers have been working hard to open Apple’s walled-off iOS to run non-approved software, but, until this week, to no avail. Security experts said that iPhone users are not in danger of having their phones jailbroken when they aren’t looking:  it requires an iOS device to be both unlocked and connected via USB to a PC. There is, however, a possibility that malware from a PC could conceivably jailbreak a connected phone and do nasty things.

Fresh jailbreak

iphone3gs-jailbreak-windows

A new tool called “evasi0n” does the nitty gritty of the jailbreak. “All of the stages use functionality on the phone exposed by MobileBackup, the daemon used to backup user data from the device, and restore backups back to the device,” explained security company Accuvant Labs, in a blog post.

“Since backups are created by the user’s device, and must be interchangeable between devices, they cannot be easily cryptographically signed, so they are essentially untrusted data.

“Evasi0n is interesting because it escalates privileges and has full access to the system partition all without any memory corruption.”

The creators of the tool recommended users backup their device using iTunes or iCloud, before running evasi0n. Users who want the jailbreak have to disable the lock passcode of their OS device. The whole process should only take five minutes and is currently compatible with Windows XP and upwards, Mac OS X 10.5 and upwards and Linux systems.

Given how quickly Apple has moved in the past to shut off jailbreak functionality, keen users might want to get moving now.

Meanwhile, Apple has addressed three flaws in the server platform it distributes with Mac OS X. All three could have allowed a remote attacker to execute code on a target system.

Two of the flaws related to an issue in how Ruby on Rails handled XML parameters, Apple said in its advisory. Another related to a problem with Ruby on Rails’ handling of JSON (JavaScript Object Notation) data.

How well do you know Apple? Try our quiz!