top | item 46886958

(no title)

quenix | 26 days ago

Forget OS updates. The biggest obstacle to exploit persistence: a good old hard system reboot.

Modern iOS has an incredibly tight secure chain-of-trust bootloader. If you shut your device to a known-off state (using the hardware key sequence), on power on, you can be 99.999% certain only Apple-signed code will run all the way from secureROM to iOS userland. The exception is if the secureROM is somehow compromised and exploited remotely (this requires hardware access at boot-time so I don't buy it).

So, on a fresh boot, you are almost definitely running authentic Apple code. The easiest path to a form of persistence is reusing whatever vector initially pwned you (malicious attachment, website, etc) and being clever in placing it somewhere iOS will attempt to read it again on boot (and so automatically get pwned again).

But honestly, exploiting modern iOS is already difficult enough (exploits go for tens millions $USD), persistence is an order of magnitude more difficult.

discuss

unknown|25 days ago

[deleted]

doublerabbit|26 days ago

It's why I keep my old iPhone XR on 15.x for jail breaking reasons. I purchased an a new phone specially for the later versions and online banking.

Apple bought out all the jail breakers as Denuvo did for the game crackers.

noname120|26 days ago

> Apple bought out all the jail breakers > Denuvo did for the game crackers

Do you have sources for these statements?