iOS hacker and Twitter troll Stefan Esser aka i0n1c has made public all unpatched vulnerabilities in iOS. Here’s how they can be used to develop a jailbreak.
Table of Contents
i0n1c makes public “bad-bad-apple”
bad-bad-apple is a project by i0n1c that makes public all insufficiently patched security vulnerabilities in iOS, macOS, and OSX.
Although Apple did patch these bugs, some of them were not properly patched. This means the vulnerability still exists in future firmware versions.
At the time of writing, the list contains bugs in iOS 6.0 to iOS 10.0.2. The hacker also aims to add more security bugs in newer firmware versions.
Upon careful examination, it does reveal some interesting tidbits about iOS 10 firmware. What’s striking that Apple never truly fixed the PEGASUS Infoleak vulnerability (CVE-2016-4655), they only killed a part of it.
i0n1c even used this particular bug to develop his own iOS 9.3.5 jailbreak. This means a hacker could still utilize it by making right edits.
While i0n1c creates a lot of unnecessary drama within the community, this is indeed a good initiative.
It will only help upcoming hackers and existing hackers to stay informed about iOS vulnerabilities.
Why are these vulnerabilities important?
These security vulnerabilities are very important. Why? Because they will allow hackers to use them along with publicly available exploits to create jailbreaks.
These bugs can also make existing tools much more powerful than before.
According to me, he might be actually doing this to return to active jailbreak development.
Since new devices and firmware are coming up, this is the right time for old school developers to make a comeback.
He could also be doing this to get in the good books of the jailbreak community after his Kickstarter campaign bombed.
What do you think? Will he actually make a comeback or keep on with his antics on Twitter? Let us know in the comments section below.
To help i0n1c with his research, you can shoot an email to him at this address – badbadapple(at)antid0te(dot)com.