JailbreakMe

Last updated
JailbreakMe
Developer(s) Muddaser, Farache, comex, et al.[ citation needed ]
Stable release
3.0 / July 6, 2011;11 years ago (2011-07-06)
Operating system iOS
Type iOS jailbreaking
License Freeware
Website jailbreakme.com

JailbreakMe is a series of jailbreaks for Apple's iOS mobile operating system that took advantage of flaws in the Safari browser on the device, [1] providing an immediate one-step jailbreak, unlike more common jailbreaks, such as Blackra1n and redsn0w, that require plugging the device into a computer and running the jailbreaking software from the desktop. JailbreakMe included Cydia, a package management interface that serves as an alternative to the App Store. Although it does not support modern devices, it can still be used and the site is up.

Contents

JailbreakMe's first version in 2007 worked on iPhone and iPod Touch firmware 1.1.1, the second version was released in August 2010 for firmware 4.0.1 and earlier, and the third and final version was released in July 2011 for iOS versions 4.3 to 4.3.3 (and was the first jailbreak for the iPad 2). JailbreakMe 3.0 has been used to jailbreak at least two million devices. [2]

Versions

JailbreakMe 1.0 (iOS 1.1.1)

JailbreakMe, started in 2007, was originally used to jailbreak the iPhone and iPod Touch running the 1.1.1 version of iOS, then named iPhone OS. Using a TIFF exploit against Safari, it installed Installer.app. [3] The vulnerability used in this exploit was patched by Apple in the 1.1.2 firmware.

This tool, also called "AppSnapp", was created by a group of nine developers. [4]

JailbreakMe 2.0 (iOS 3.1.2–4.0.1)

JailbreakMe 2.0 "Star", released by comex on August 1, 2010, exploited a vulnerability in the FreeType library used while rendering PDF files. This was the first publicly available jailbreak for the iPhone 4, able to jailbreak iOS 3.1.2 through 4.0.1 on the iPhone, iPod Touch, and iPad models then current. [5] This jailbreak was activated by visiting the jailbreakme.com web page on the device's Safari web browser.

The vulnerability used by JailbreakMe 2.0 was patched by Apple in iOS 4.0.2. [6]

JailbreakMe 3.0 (iOS 4.3–4.3.3)

JailbreakMe 3.0 "Saffron", released on July 6, 2011, will jailbreak most iOS devices on iOS 4.3-4.3.3 and iPad 2 on 4.3.3. [7] It was the first publicly available jailbreak for iPad 2. JailbreakMe 3.0 exploited a FreeType parser security flaw (similar to JailbreakMe 2.0), using the form of a PDF file rendered by Mobile Safari, which then used a kernel vulnerability to complete the untethered jailbreak. [8] [9] Comex also released a patch for this FreeType flaw, named PDF Patcher 2, which is available as a free package installable via Cydia. [10]

A few days before the initial release, a beta tester leaked JailbreakMe 3.0 to the public. Comex said on Twitter that this put him on a "time limit" to release the final version quickly. [10]

The JailbreakMe website looked similar to downloading an App Store app. It included a blue button indicating "FREE", which changed into a green "INSTALL" button when pressed once, much like an application on the App Store. After tapping "INSTALL", Safari would close, Cydia would load as a new app, and the device would be jailbroken with no reboot necessary.

On July 15, 2011, Apple released iOS 4.3.4 (GSM) and 4.2.9 (CDMA) to patch the flaws used by JailbreakMe. [11]

Comex received a Pwnie Award at the Black Hat Conference in 2011 for "Best Client-Side Bug" for this work. [12]

Comex was hired by Apple as an intern in August of 2011. [13]

JailbreakMe 4.0 (iOS 9.1–9.3.4)

JailbreakMe 4.0, released by tihmstar on December 12, 2017, exploited three serious vulnerabilities (CVE - 2016-4655 ,CVE- 2016-4656 andCVE- 2016-4657), already utilized by a spyware named Pegasus. It was mainly based on HomeDepot, a semi-untethered jailbreak released by jk9357. As for HomeDepot, it targeted all the 32-bit devices between iOS 9.1 and iOS 9.3.4.

The vulnerabilities used by HomeDepot and JailbreakMe 4.0 were patched by Apple in iOS 9.3.5.

The jailbreak was hosted by Chris Wade (creator of Corellium) at jailbreak.me. Whilst technically semi-untethered, the jailbreak could be made fully untethered with the use of tihmstar's UntetherHomeDepot package.

TotallyNotSpyware (iOS 10)

TotallyNotSpyware, created by the JakeBlair420 team, released on 7 September 2018, is a JailBreakMe-style exploit that works on any 64-bit device running iOS 10. As with JailbreakMe 4.0, the web browser is induced to sideload Cydia using a payload, either Meridian or the doubleH3lix. It is hosted at spyware.lol, and is semi-untethered.

Domain name transfer

On October 7, 2011, Conceited Apps, which had been allowing Comex to use the domain name for hosting, sold the domain name jailbreakme.com to an allegedly "unknown" party. SaurikIT acquired the domain the next day. [14] [15]

Domain redirection

jailbreakme.com would redirect to cydia.saurik.com if an incompatible device was detected. Later, it redirects to totally-not.spyware.lol

Compatible iOS versions

DeviceiOS versions vulnerable to JailbreakMe
iPhone (1st generation) 1.1.1, 3.1.2 to 3.1.3
iPhone 3G 3.1.2 to 4.0.1
iPhone 3GS 3.1.2 to 4.0.1, 4.3 to 4.3.3
iPhone 4 (GSM)4.0 to 4.0.1, 4.3 to 4.3.3
iPhone 4 (CDMA)4.2.6 to 4.2.8
iPhone 4S and laterNone
iPod Touch (1st generation) 1.1.1, 3.1.2 to 3.1.3
iPod Touch (2nd generation) 3.1.2 to 4.0.1
iPod Touch (3rd generation) 3.1.2 to 4.0.1, 4.3 to 4.3.3
iPod Touch (4th generation) 4.3 to 4.3.3
iPod Touch (5th generation) and laterNone
iPad (1st generation) 3.2 to 3.2.1, 4.3 to 4.3.3
iPad 2 4.3.3
iPad (3rd generation) and later9.1 to 9.3.4
iPad Mini (all models)None

Related Research Articles

<span class="mw-page-title-main">Privilege escalation</span> Gaining control of computer privileges beyond what is normally granted

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

iPod Touch Discontinued series of mobile media devices by Apple

The iPod Touch is a discontinued line of iOS-based mobile devices designed and marketed by Apple Inc. with a touchscreen-controlled user interface. As with other iPod models, the iPod Touch can be used as a music player and a handheld gaming device, but can also be used as a digital camera, a web browser and for messaging. It is similar in design to the iPhone, but it connects to the Internet only through Wi-Fi and does not use cellular network data, so it is not a smartphone.

iOS Mobile operating system by Apple

iOS is a mobile operating system developed by Apple Inc. exclusively for its hardware. It is the operating system that powers many of the company's mobile devices, including the iPhone; the term also includes the system software for iPads predating iPadOS—which was introduced in 2019—as well as on the iPod Touch devices—which were discontinued in mid-2022. It is the world's second-most widely installed mobile operating system, after Android. It is the basis for three other operating systems made by Apple: iPadOS, tvOS, and watchOS. It is proprietary software, although some parts of it are open source under the Apple Public Source License and other licenses.

SpringBoard is the standard application that manages the iPhone's home screen. Other tasks include starting WindowServer, launching and bootstrapping applications and setting some of the device's settings on startup.

On Apple devices running iOS and iOS-based operating systems, jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by the manufacturer. Typically it is done through a series of kernel patches. A jailbroken device permits root access within the operating system and provides the right to install software unavailable through the App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners not to try to achieve root access through the exploitation of vulnerabilities.

<span class="mw-page-title-main">Cydia</span> iOS package manager

Cydia is a graphical user interface of APT for iOS. It enables a user to find and install software not authorized by Apple on jailbroken iPhones, iPads and iPod Touch devices. It also refers to digital distribution platform for software on iOS accessed through Cydia software. Most of the software packages available through Cydia are free of charge, although some require purchasing.

<span class="mw-page-title-main">Installer.app</span> Freeware software installer for the iPhone

Installer.app was a freeware software installer for the iPhone created by Nullriver and later maintained by RipDev, first released in summer 2007 and maintained until summer 2009. Installer allowed users to install third-party applications into the iPhone's Applications directory where native applications are kept. Users could install applications from a variety of sources provided by software developers or directly onto the iPhone without requiring a computer. Users could browse lists of applications inside Installer to find ones they wanted to install. In June 2009, RipDev dropped support for Installer in favor of developing a different package manager and installer named Icy.

blackra1n is a program that jailbreaks versions 3.1, 3.1.1 and 3.1.2 of Apple's operating system for the iPhone and the iPod Touch, known as iOS.

iOS 4 Fourth major release of iOS, the mobile operating system developed by Apple Inc.

iOS 4 is the fourth major release of the iOS mobile operating system developed by Apple Inc., being the successor to iPhone OS 3. It was announced at the Apple Special Event on April 8, 2010, and was released on June 21, 2010. iOS 4 is the first iOS version issued under the "iOS" rebranding, dropping the "iPhone OS" naming convention of previous versions. It was succeeded by iOS 5 on October 12, 2011.

<span class="mw-page-title-main">Jay Freeman</span> American computer scientist

Jay Ryan Freeman is an American businessman and software engineer. He is known for creating the Cydia software application and related software for jailbroken iOS—a modified version of Apple's iOS that allows for the installation and customization of software outside of the regulation imposed by the App Store system.

A SHSH blob is an unofficial term referring to the digital signatures that Apple generates and uses to personalize IPSW firmware files for each iOS device. They are part of Apple's protocol designed to ensure that trusted software is installed on the device, generally only allowing the newest iOS version to be installable. Apple's public name for this process is System Software Authorization.

greenpois0n is a name shared by a series of iOS jailbreaking tools developed by Chronic Dev Team that use exploits to remove software restrictions on iPhones, iPads, iPod Touches, and Apple TVs. Greenpois0n's initial release in October 2010 jailbroke iOS 4.1, and its second version in February 2011 jailbroke iOS 4.2.1 as well as iOS 4.2.6 on CDMA iPhones. The second generation of the tool, greenpois0n Absinthe, was developed with iPhone Dev Team members and jailbroke iOS 5.0.1 in January 2012, and a second version jailbroke iOS 5.1.1 in May 2012.

iMessage Instant messaging service by Apple

iMessage is an instant messaging service developed by Apple Inc. and launched in 2011. iMessage functions exclusively on Apple platforms: macOS, iOS, iPadOS, and watchOS.

<span class="mw-page-title-main">Evasi0n</span>

Evasi0n,, is a untethered jailbreak program for iOS 6.0 - 6.1.2 and for iOS 7.0 - 7.0.6. It is known for a portable code base and minimal use of arbitrary code execution. More than seven million copies of Evasi0n were downloaded and presumably installed in the first four days after release. It was released on 4 February 2013. Four of the six exploits used were patched by Apple on 18 March 2013 with the release of iOS 6.1.3, which meant the end of the original version of evasi0n. On 22 December 2013, the evad3rs released a new version of evasi0n that supports iOS 7.x, known as evasi0n7. One major exploit used by this jailbreak was patched by Apple with the 4th beta of iOS 7.1 and two more with beta 5. The final release of iOS 7.1 fixed all the exploits used by evasi0n7.

The Pangu Team, is a Chinese programming team in the iOS community that developed the Pangu jailbreaking tools. These are tools that assist users in bypassing device restrictions and enabling root access to the iOS operating system. This permits the user to install applications and customizations typically unavailable through the official iOS App Store.

iOS 9 Ninth major release of iOS, the mobile operating system developed by Apple Inc.

iOS 9 is the ninth major release of the iOS mobile operating system developed by Apple Inc., being the successor to iOS 8. It was announced at the company's Worldwide Developers Conference on June 8, 2015, and was released on September 16, 2015. It was succeeded by iOS 10 on September 13, 2016.

PP Jailbreak, also commonly known as PP, PP25 App or PP25 Jailbreak, is a term describing a free Chinese app containing tools capable of jailbreaking iOS 8 devices, except for Apple TV. Eligible products include: iPod Touch, iPhone and iPad. This app was developed by a Chinese iOS hacking community known as PP Assistant. It was first released on January 19, 2015

iPadOS 13 First major release of iPadOS, the tablet operating system developed by Apple Inc.

iPadOS 13 is the first major release of the iPadOS mobile operating system developed by Apple Inc. for their iPad line of tablet computers. The successor to iOS 12 on those devices, it was announced at the company's 2019 Worldwide Developers Conference (WWDC) on June 3, 2019, as a derivation from iOS, with a greater emphasis on multitasking and tablet-centric features. It was released on September 24, 2019. It was succeeded by iPadOS 14, released on September 16, 2020.

The iOS mobile operating system developed by Apple Inc. has had a wide range of bugs and security issues discovered throughout its lifespan, ranging from security exploits discovered in most versions of the operating system related to the practice of jailbreaking, as well as bypassing the user's lock screen, to issues relating to battery drain, to crash bugs encountered when sending photos or certain Unicode characters via text messages sent through the Messages application, and general bugs and security issues later fixed in newer versions of the operating system.

<span class="mw-page-title-main">Early iPhone systems-on-chip</span> Chips used for the first iPhones

iPhone and iPod Touch models released between 2007 and 2009 used system on a chip (SoC) circuits designed by Samsung and manufactured to Apple's specifications. Two such SoCs were used: the Samsung S5L8900, used in the first-generation iPhone, the iPhone 3G, and the first-generation iPod Touch, and the Samsung S5L8920, used in the iPhone 3GS and the third-generation iPod Touch. Both chips belong to Samsung's S5L family of SoCs.

References

  1. Bradley, Tony (August 3, 2010). "JailbreakMe Exploits Serious iPhone Security Flaw". Net Work. PCWorld Communications, Inc. Retrieved October 15, 2010.
  2. Greenberg, Andy (August 1, 2011). "Meet Comex, The 19-Year-Old iPhone Uber-Hacker Who Keeps Outsmarting Apple". The Firewall. Forbes. Retrieved August 2, 2011.
  3. Wilson, Ben (October 29, 2007). "One-step method for adding third-party apps to iPhone 1.1.1, iPod Touch debuts". CNET. Archived from the original on March 13, 2012. Retrieved August 25, 2011.
  4. Keizer, Gregg (October 29, 2007). "Hacker Software Can Install Unauthorized Software on iPhones". PCWorld. Archived from the original on September 25, 2011. Retrieved August 25, 2011.
  5. Hollister, Sean (August 1, 2010). "Official: iPhone 4 jailbreak hits from iPhone Dev Team (updated with video)". Engadget. Retrieved September 11, 2010.
  6. Patel, Nilay (August 11, 2010). "Apple releases iOS 4.0.2 for iPhone and 3.2.2 for iPad, fixes PDF vulnerability". Engadget. Retrieved 2010-09-11.
  7. iPhone Dev Team (July 6, 2011). "jailbreakme times 3". iPhone Dev Team Blog. Retrieved August 2, 2011.
  8. Connolly, P. J. (July 15, 2011). "Apple Fixes Latest iOS Exploit". eWEEK Labs. eWEEK. Retrieved October 23, 2011.
  9. jean (July 18, 2011). "Analysis of the jailbreakme v3 font exploit". Sogeti ESEC Lab. Archived from the original on July 22, 2011. Retrieved October 23, 2011.
  10. 1 2 Schwartz, Mathew J. (July 7, 2011). "Apple iOS Zero-Day PDF Vulnerability Exposed". InformationWeek. Archived from the original on July 10, 2011. Retrieved October 23, 2011.
  11. Mediati, Nick (July 15, 2011). "iOS 4.3.4 Is Out; Fixes JailbreakMe 3.0 Exploit". Geek Tech. PCWorld. Retrieved October 23, 2011.
  12. Schwartz, Mathew J. (August 4, 2011). "Pwnie Award Highlights: Sony Epic Fail And More". InformationWeek. Retrieved August 25, 2011.
  13. Greenberg, Andy (August 26, 2011). "Apple Hacker Extraordinaire Comex Takes An Internship At Apple". Forbes. Retrieved November 2, 2011.
  14. Waisybabu (October 7, 2011). "Jailbreaks.me Is The New URL For iPad 2 Jailbreak; Stay Away From JailbreakMe.com As It May Distribute Malware Under New Ownership". Redmond Pie. Retrieved October 23, 2011.
  15. Waisybabu (October 8, 2011). "JailbreakMe.com Bought Back By Saurik, Community Collectively Heaves Sigh Of Relief". Redmond Pie. Retrieved October 8, 2011.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.