“Gartner Listed - mobile application security guide”

February 27, 2017

Jailbreaking iOS

As Apple continues to improve iOS app security and security patches in its iOS 10.2.1, hackers are still trying to find ways to jailbreak iOS devices and use new iOS app security testing techniques and are now waiting for updates on iPhone 7 and iPhone 7 plus. The latest 10.2.1 update was launched on Jan 23rd and after two days a delay in release was announced for 10.2 jailbreak by the Pangu team. The well known 19 year old Italian hacker Luca Todesco, who is known or being one of the earliest hackers of iOS Apple releases, is yet to shre his thoughts on the latest iOS 10.2.1 update.

With the recent security patches released by the Apple for iOS app security, it is proving more difficult for hackers to exploit vulnerabilities on the operating system. Most of the jailbreakers have also not given any reasons for why there is a delay in the release of new jailbreak tools. Luca Todesco, on the other hand, has announced that the jailbreaking tool on which he is currently working will not be able to support iPhone 7 and iPhone 7 Plus, according to a post by TNH Online.

Todesco has so far released the beta version of his iOS 10.2 jailbreak tool known as Yalu102. iOS device users have been advised to save SHSH2 blobs in order to keep the jailbreak. This will allow them to keep the older installed jailbreak versions even when there is a new iOS update. Another way in which the lifespan of a jailbreak can be prolonged is by blocking operating systems updates. Because of this setting, iOS devices will not be able to download and install new versions of iOS and thus will be able to keep their jailbroken versions for long.

Having said that, Apple has also already made its 10.3 beta version available to developers.

Codified Security is here to help make your mobile app secure whether it’s for iOS app security testingAndroid app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.