New iOS Jailbreak Tools put Organizations at Risk
According to iDownloadBlog.com (iDB), “in an unforeseen turn of events, hacker Pwn20wnd released v3.5.0 of the unc0ver jailbreak tool to the general public Sunday morning with official support for iOS 12.4, the latest available firmware release from Apple with support for Apple Card.”
While users wanting to bypass existing Apple operating system precautions and take full control of their devices may be rejoicing, for an enterprise, this opens up risk since users can now download from third party app stores. The risk being, an increase in malware finding its way onto iOS operated phones from those third party app stores that don’t follow Apple’s rigorous vetting practice of apps and app developers.
As we mentioned in our More Malware May be Exposed to iOS Devices Because of Supreme Court Ruling blog, “Apple’s practice of vetting apps and developers, as well as its prohibition of third-party app stores, has resulted in it having about one-tenth the amount of malware on its iOS operating system as Google does on the Android operating system.”
Zimperium enterprise customers need not be concerned (sorry, jailbreak fans). Our platform leverages our award-winning, disruptive and patented machine learning and behavior-based engine, z9, which detects “zero-day” jailbreaks without modification to our product.
In fact, we are the only mobile security solution with on-device, machine learning-based detection of device, network, phishing and malicious app attacks.
Many conditions, like jailbreaking, increase the threat exposure of mobile endpoints – the majority of which stem from the fact that users are the admins on these devices. Users are the ones that choose whether or not to update the OS away from known vulnerable OS versions, to have a PIN code set, to jailbreak their device, etc. We recently talked about jailbreaks during our free webinar, in which we discussed:
- What device attacks are;
- How device attacks can hurt your organization; and
- How you can protect your mobile endpoints from device attacks.