You Can Now Jailbreak iOS 16.4.1 with Palera1n 2.0.0 Beta 6
Codenamed Bakepale, the latest v2.0.0 beta 6 update to jailbreak tool Palera1n has just been released, which fully supports iOS 16.4 - iOS 16.4.1 jailbreak.
Pod2g Asks For Your Help to Find Exploits to Jailbreak iOS 5.1
Two heads are better than one, right? Pod2g thinks so, as he has just posted some guidelines on how you can help the jailbreak community by sending in crash reports to discover vulnerabilities in iOS 5.1. Pod2g was the master behind the untethered iOS 5.0.1 A4/A5 jailbreaks. Earlier, he noted he working on finding a solution to jailbreak iOS 5.1. Now he wants your help.
To jailbreak a device, hackers need a set of exploitable vulnerabilities :
- a code injection vector : a vulnerability in the core components of iOS that leads to custom, unsigned code execution.
- a privilege escalation vulnerability : it’s usualy not enough to have unsigned code execution. Nearly all iOS applications and services are sandboxed, so one often need to escape from the jail to trigger the kernel exploit.
- a kernel vulnerability : the kernel is the real target of the jailbreak payload. The jailbreak has to patch it to remove the signed code enforcement. Only the kernel can patch the kernel, that’s why a code execution vulnerability in the context of the kernel is needed.
- an untethering vulnerability : when the device boots, it is unpatched, thus cannot run unsigned code. Thus, to start the jailbreak payload at boot time, a code execution vector either in the services bootstrap or in the loading of binaries is mandatory.
You can help if you can crash either a core application (Safari, Mail, etc…) or the kernel in a repeatable way. A kernel crash is easy to recognize : it reboots the device.
@Pod2g wants you to test on the latest version of iOS 5.1, not report crashes to Apple (disable sending of diagnostics in Settings), crashes should be repeatable, and you should note the steps on how to reproduce it. He also says:
- Not all crashes are interesting : aborts, timeouts or out-of-memory kind of crashes are useless. Verify the crash dump in Settings / General / About / Diagnostics & Usage / Diagnostic & Usage Data that the crash report you created is of Exception Type SIGILL, SIGBUS or SIGSEV.
You can send these in to ios.pod2g ‘at’ gmail ‘dot’ com with the crash report and steps on how to reproduce it.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
Other articles in the category: Jailbreak
How to Jailbreak iOS 9.3.3 with Pangu, No Computer Required [VIDEO]
iOS 9.3.3 has been jailbroken, folks.
Pangu Shows Off First iOS 10 Beta Jailbreak
Pangu shows off first beta of iOS 10 jailbreak.
Bring back the Dev-team crash reporter from iOS 5.0!
It’s great that they ask for help, but in general jailbreaking is exactly the same as it was several years ago, a constant cat and mouse game. It’s getting old, and I think the jailbreak community has to innovate a little if they want to survive, especially as apple adds more features. Maybe a way of exploiting the iOS update mechanism to update to a higher version through a jailbreak? I don’t know enough of how these things work, but everytime there’s an update it takes more will power not to just lose the jailbreak. Jailbreak needs to go a little more mainstream… better online help is required, as is a major cydia cleanup.
Hey mr pod2g or muscle nerd please work on something we all are looking towards? I mean ultrasn0w for iPhone 4s… Right guys … What u say
110% with Jasonxx8, who cares abt 5.1, pls work on unlock iphone 4s. even if it means we have to pay for this.