Sunday, November 27, 2011

Hackers Releases Vulnerabilities Collection Tool for the Untethered Jailbreak

Yesterday, we finally received an update on greenpois0n.com, however, not the sound of untethered Jailbreak for iOS 5, but a a tool to collect crash reports from iOS devices. After months race with Apple, and all  the Chronic Dev-Team start to ask help from the public in order to find vulnerabilities that could lead to an untethered jailbreak.
Addressing preliminary reports that the Chronic Dev-Team would have a jailbreak ready for iOS 5, p0sixninja says that Apple closed several exploits before the final version of the software was released.
"I was excited to announce that the Chronic Dev team had already discovered 5 different exploits for use in our upcoming jailbreak. Unfortunately, that announcement was a bit premature, because in the subsequent weeks, Apple found & patched a (critical) few of those exploits, between the beta versions we used for testing and the final release of iOS5 on October 12."
In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.
"The program copies all the crash reports off your device (which, under normal circumstances, would be sent right back to Apple), and instead sends this data to a secure, private server hosted by your friendly Chronic Dev team. Next, our program proceeds to neuter your copy of iTunes, simply by changing your settings to prevent your computer from sending any further diagnostic information from your device to Apple.
Using this agglomeration of your crash reports and our ninja skills, Chronic Dev will be able to quickly pinpoint vulnerabilities in various programs by using the same techniques Apple currently employs. At the very least, your data will help point us in the direction of which applications are the most vulnerable, so we can focus our time & energy on these with laser-like intensity. And, of course, this will also prevent Apple from accessing all your valuable data, just so they can then turn around and use it against you."
You can download the Mac and Windows versions of CDevReporter from here:
● cdev_reporter-mac-1.0_beta.zip
● cdev_reporter-win-1.0_beta.zip
To use the application, simply plug in your iOS device, launch the app, and click the Do It! button.
Seems the battle between hackers and Apple is on now. It remind me the story hacker 0xcharlie reported security flaw of iOS but was kicked out from iOS Developer program. I remember he said "I miss Steve."

No comments:

Post a Comment