iOS 12 jailbroken hours after release by Alibaba’s cybersecurity division
Security researchers said the exploit remained in effect after restarting the iPhone X
Alibaba’s cybersecurity division claims it’s successfully jailbroken iOS 12, just hours after Apple released its new system upgrade to the public.
(Abacus is a unit of the South China Morning Post, which is owned by Alibaba.)
A video posted on their Weibo account shows the team launching a jailbreaking app on an iPhone X running iOS 12. The team proceeded to to restart the phone. After a pause, a pop-up screen appeared, saying the phone “is pwned” -- confirmation that the jailbreak remained in effect. The video shows the iPhone unlocking without the use of a passcode or Face ID.
The team, called Pandora Lab, says it’ll work with Apple to patch the flaw. We’ve reached out to Apple and will update if we hear back.
Jailbreaking is the act of hacking into iOS so that users can install any app, even if it wasn’t approved by Apple. It was popular in the early days of the iPhone, when the device was devoid of any third-party apps. Jailbreaking allowed people to do way more on their handsets, like playing games -- features we now take for granted on our smartphones.
With the eventual arrival of the App Store, as well as improved iOS security, jailbreaking saw a rapid downturn. Last year, hacker Nicholas Allegra declared jailbreaking “basically dead”. Today, it’s more often done by white hat hackers probing for vulnerabilities.
Alibaba’s Pandora Lab isn’t the first that claims to have hacked into iOS 12, which was first unveiled at Apple’s annual developers’ conference back in June. A member of Tencent’s Keen Security Lab managed to jailbreak an iPhone X running a beta version of iOS 12, and went on to open Cydia -- an unauthorized app store only accessible on jailbroken Apple devices.
iOS 12 does come with a number of new security features. For instance, it will lock out all USB-connected accessories if you haven’t unlocked an iPhone for over an hour. It’s designed to discourage brute force attacks, where a hacker keeps entering potential passwords until the account is compromised.