According to 9to5Mac, a Russian hacker has published a relatively simple method that allows users to obtain in-app purchases from many iOS apps for free.
The method, which doesn’t require a jailbreak, involves installation of two certificates on the user’s iOS device and changing DNS entry in wi-fi settings. Then users can perform purchases of in-app content as usual.
The iPhone Dev-Team has released updates to RedSn0w and PwnageTool that bring support for the iOS 5.1.1 untethered jailbreak.
RedSn0w 0.9.12b1 supports untethered iOS 5.1.1 jailbreak for all devices:
PwnageTool 5.1.1 allows to create custom firmware and preserve modem version for unlock with ultrasn0w or Gevey. PwnageTool 5.1.1 supports all A4 devices:
You can download RedSn0w 0.9.12b1 and PwnageTool 5.1.1 .
iOS 5.1.1 untethered jailbreak tutorial using Redsn0w is available .
Official DevTeam comments:
RedSn0w
redsn0w allows owners of A4+earlier devices to install rocky-racoon two different ways:
- backup/restore method similar to Absinthe and cinject
- its traditional limera1n-based ramdisk install. If you have a lot of media on your A4 device (music, movies, TV shows, etc), then the ramdisk method is preferrred because it avoids any possibility of later problems related to syncing to iCloud (including Photo Stream and Music Match). The ramdisk method is not available for A5 devices or later because limera1n can’t be used. If you’d like to use redsn0w’s ramdisk method, just be sure to put the A4 device in DFU or Recovery mode before starting redsn0w (otherwise it will immediately start to use the backup/restore method).
We’ve also added a new redsn0w feature specifically for those who got in on the SAM unlock: you can now include your SAM tickets as part of your initial ramdisk jailbreak of iPhone4 or earlier, or alternatively you can upload your SAM tickets to any device after its been jailbroken. redsn0w accepts either the individual SAM activation ticket plist file, or the entire zip file created by redsn0w’s “Backup” button. As usual, redsn0w continues to cover all of its previous jailbreaks and untethers (so redsn0w-0.9.12b1 covers everything from 5.1.1 all the way back to 4.1).
PwnageTool
PwnageTool also avoids any possible sync issues, but again it applies only to A4+earlier devices. If you unlock your iPhone with ultrasn0w or a commercial method, you must use PwnageTool to avoid updating your baseband otherwise you’ll lose the unlock. PwnageTool will also jailbreak+untether the AppleTV2,1 5.0_2B206f (unless you customize the IPSW further, you’ll have just basic SSH access to the device).
MuscleNerd from the iPhone Dev-Team has posted some details on the upcoming untethered jailbreak from pod2g.
- All info below is tentative and subject to last minute refinements
- @pod2g’s 5.1.1 jailbreak+untether is working out great. All devices are covered except for AppleTV3,1, which currently has no path for jailbreaking.
- the initial 5.1.1 plan used a kernel exploit from @westbaer which unfortunately precluded use in iPod3,1 and iPhone2,1
- @planetbeing stepped up and provided a kernel exploit that covers both of those. Those two JBers are the bomb!- The 5.1.1 A5 JB is very similar to the A5 5.0.1 JB. @pimskeks has done a tremendous job supporting both 5.0.1 and 5.1.1 in absinthe
- Similar to 5.0.1, there will also be a 5.1.1 CLI “cinject” binary and redsn0w version of the 5.1.1 JB+untether. Absinthe, cinject, and redsn0w will all provide the same JB in different fashions.
- timing is indeterminate. Plans are for this week, but a number of factors can influence that.- For those wishing to donate, we’ve set up a new 5.1.1 paypal URL: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4U6DQGJ2NRVUN
- Please don’t pirate AppStore apps (seriously, please do not).
This week Gareth Wright that Facebook’s app for iOS has a security vulnerability through which malicious users can access login credentials saved in a .plist file of the app. With a copy of that .plist file malicious users could automatically log into the affected user’s Facebook account on another device. Reportedly, the vulnerability also exists on Android devices.
Wright describes several different ways in which your login credentials could be obtained by a malicious user, including hidden applications installed on shared PCs, customized apps, or modified speaker dock that could copy your plist.
Facebook, the issue only affects jailbroken or lost devices, as it requires physical access or installation of a custom app on the device. But Wright and pointed out that simply plugging into any device would be sufficient for malicious users to gather these files.
The Next Web has confirmed that Dropbox for iOS is also vulnerable to this issue. Given that two such high-profile apps as Facebook and Dropbox are vulnerable to credential theft, it is likely that other apps are also affected by the issue.
As many reports note, this method of gathering login credentials is not actively utilized in a malicious manner, and users can protect their data for the time being by not plugging their devices into shared computers and charging stations.
The Chronic Dev-Team has released an update to its Absinthe jailbreak utility that brings support for Mac OS X 10.5 (Intel + PPC) and fixes several bugs.
@pimskeks announced the update:
#Absinthe 0.4 released greenpois0n.com/?p=173 – OSX 10.5 support (PPC+Intel). Re-jailbreaking not required. Changelog: pastebin.com/DdwGKstR
What’s New in Absinthe v0.4:
You can download Absinthe for Windows, Mac OS X and Linux from .
Here are our step-by-step tutorials:
The iPhone 4S and iPad 2 jailbreak utilities are undergoing testing and polishing before the public release. According to ‘Dream Team’ member planetbeing:
We’re testing & fixing problems with the jb app (that @pimskeks finished the majority of at incredible speed). Still needs to be polished.
P0sixninja also tweeted it should not be much longer before the jailbreak gets released.
not much longer now
We hope to see the utilities soon, because more than a week ago there were .
iPhone Dev Team has posted a about upcoming public release. If you have iPad 2 or iPhone 4S go ahead and read it:
But we’re now near the final stages of testing the public version of the jailbreak. Please allow time to clean up any remaining bugs in the jailbreak clients.Jailbreak programs:
To be as flexible as possible, the A5 version of the corona jailbreak will take multiple forms:
- Chronic Dev have incorporated the overall flow into a GUI that runs on your Mac or PC. The goal is for the GUI to be enough for most cases.
- iPhone Dev have also incorporated the exact same flow into an alternative command-line interface (CLI). This will allow us to help users through individual steps of the jailbreak manually, to both help the user and help improve the overall flow. Although the CLI will also allow the user to perform the entire jailbreak from beginning to end, we anticipate it will be more useful in debugging the occasional errors. The CLI currently has over 20 individual options (in addition to the single “jailbreak” option) that should be useful during debug after the GUI release.
- Once all the bugs in the flow are worked out, we’ll also incorporate it into the redsn0w GUI (but still leave the CLI freely available too). In order to maximize the chances of the jailbreak working for everyone, the redsn0w GUI will use native Apple iTunes libraries — this technique is slightly different than how the Chronic Dev GUI handles communications, and should provide nice combined coverage for all the odd computer configurations out there.
The supported firmware versions will be:
- iPhone4S: 5.0 (9A334), 5.0.1 (9A405) and the “other” 5.0.1 (9A406)
- iPad2: 5.0.1 (9A405)
iPhone4S owners looking to maximize their chances of achieving an eventual software-based carrier unlock should be staying at 5.0. Everyone else should be at 5.0.1. If you’re an iPhone4S owner who already updated to 5.0.1, it’s too late to go back down to 5.0, but if you’re on 9A406 it is possible to downgrade the BB by going to the 9A405 version of 5.0.1 while the window is still open.
Support:
The overall flow used by the GUI and CLI to inject the A5 corona jailbreak has never been done before, and there may be unforeseen problems once it’s released to the public. It’s very important for you to sync your data, photos, and music before attempting any version of this jailbreak. We’ll be watching the comments section below for signs of any widespread problems, but please be aware that you jailbreak at your own risk!
When:
As mentioned at the start of this post: when testing has shown most of the bugs have been fixed!
iPhone Dev Team have just released a new version of RedSn0w 0.9.10b4. It includes a fixes for iBooks and launchctl. As always, you can simply run the new redns0w over your current jailbreak, just make sure to uncheck Cydia. To fix iBooks and launchctl errors you can also simply install .
Update #4: The b4 version of redsn0w incorporates the 5.0.1 fix for iBooks, and also for sporadic problems with launchctl. Thanks to @xvolks for merging the iBooks (sandbox) fix from @comex’s github into the overall corona untether from @pod2g! As usual, you can choose to install the fix either by re-running redsn0w over your existing jailbreak (de-select Cydia if you do that), or by installing the corona package from Cydia (it’s the same set of files no matter which way you choose).
You can download the new version of RedSn0w from .
Semi-tethered jailbreak is already available for some devices for both iOS 5 and iOS 5.0.1. But we all want untethered jailbreak and we want jailbreak for iPad 2 and iPhone 4S. So why not help hackers to find new exploits and vulnerabilities?
The Chronic Dev-Team has a released a tool to collect crash reports from iOS devices in order to find vulnerabilities that could lead to an untethered jailbreak.
The idea is very simple. When your iPhone, iPad or iPod Touch crashes it sends data to Apple (you can turn it this off though). Apple uses these reports to update iOS in the future. By the way, it also uses them to fix exploits found by jailbreakers. P0sixninja says that Apple closed several exploits they have found in IOS 5 beta before the final version of the software was released.
In order to find more vulnerabilities as fast as possible, the team has developed a tool which will copy the crash reports from your device and analyze them to locate potential exploits. The tool will also remove the crash reports from your device and modify your iTunes installation to prevent uploading of that diagnostic information to Apple.
Iinstructions how to change tethered iOS 5 jailbreak to a semi tethered jailbreak are available .
iOS 5 is currently jailbreakable using redsn0w 0.9.9b5 or sn0wbreeze 2.8b8. So developers are working hard to update their apps and tweaks to work with iOS 5. Here is a useful spreadsheet, where you can find information, whether or not your favorite Cydia tweak or app is compatible with iOS 5: