Apple Vulnerabilities, Incomplete Fixes Allow IOS 7.1.2 Jailbreak

Security researchers at the Georgia Tech Information Security Center (GTISC) have discovered a way to jailbreak current generation Apple iOS devices (e.g., iPhones and iPads) running the latest iOS software. The jailbreak, which enables circumvention of Apple's closed platform, was discovered by analyzing previously patched vulnerabilities with incomplete fixes. It shows that quick workarounds mitigating only a subset of a multi-step attack leave these devices vulnerable to exploitation. Patching all vulnerabilities for a modern, complex software system (i.e., Windows and iOS) is often difficult due to the volume of bugs and response-time requirements.

Security researchers at the Georgia Tech Information Security Center (GTISC) have discovered a way to jailbreak current generation Apple iOS devices (e.g., iPhones and iPads) running the latest iOS software. The jailbreak, which enables circumvention of Apple's closed platform, was discovered by analyzing previously patched vulnerabilities with incomplete fixes.

It shows that quick workarounds mitigating only a subset of a multi-step attack leave these devices vulnerable to exploitation. Patching all vulnerabilities for a modern, complex software system (i.e., Windows and iOS) is often difficult due to the volume of bugs and response-time requirements.

"Our work shows that software vendors must patch all publicly disclosed threats, as they may be exploited in other, equally disruptive attacks," said Yeongjin Jang, one of the Ph.D. students who led this study.

During Black Hat USA, the GTISC research team will disclose the process for jailbreaking the current version of iOS (7.1.2) on any iOS device, including the iPhone 5s.

"We start by finding new ways to exploit vulnerabilities with incomplete patches," said Tielei Wang, a GTISC faculty member who worked closely with Jang as lead of the project. "Then, we use those vulnerabilities to discover new avenues of attack. We'll detail these vulnerabilities and the exploit techniques that we developed."

A Georgia Tech team that includes Ph.D. students Yeongjin Jang and Byoungyoung Lee, and research scientists Tielei Wang and Billy Lau discovered the jailbreak.

Source: Georgia Institute of Technology
Old NID
141783
Categories
Technology
By News Staff in News Articles on .

Categories

Latest reads

Article teaser image

No, Trump’s Executive Orders Can’t Cancel Your Rights.

Donald Trump does not have the power to rescind either constitutional amendments or federal laws by mere executive order, no matter how strongly he might wish otherwise. No president of the United…
Article teaser image

The US Discourages Pregnant Women From Drinking Alcohol - Vegetarian Diets Are Worse

The Biden administration recently issued a new report showing causal links between alcohol and cancer, and it's about time. The link has been long-known, but alcohol carcinogenic properties have been…
Article teaser image

In British Iron Age Culture, Margaret Thatcher Was The Norm

In British Iron Age society, land was inherited through the female line and husbands moved to live with the wife’s community. Strong women like Margaret Thatcher resulted.That was inferred due to DNA…