Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on June 27, 2011

Apple “steps up its game”, new iOS 5 firmware to block downgrades


Apple “steps up its game”, new iOS 5 firmware to block downgrades

Apple has started to introduce new security checks in its new iOS 5 software that could possibly restrict owners of an iPhone, iPad or iPod from downgrading the firmware on their devices, the iPhone Dev-Team has revealed.

The collective says that Apple has adapted the role of “APTicket” in its iOS 5 beta releases, making sure that the boot stages of an iOS device now depends on the authenticity of the APTicket. Before, it used to rely on the unique ID of the handset and the firmware version, now Apple has ensured the ticket is randomly generated each time the handset is rebooted – if they don’t match then the firmware will not be eligible for a downgrade:

Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

The team says this only affects iOS 5 releases and that Apple can toggle the feature on and off when it wishes. Although some exploits take advantage of checks before the new APTicket is invoked, it means that only tethered jailbreaks will be possible until a new exploit is found.

Restoring your device to pre-5.0 firmwares will still be possible also:

Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here..it’s the boot sequence on the device starting with the LLB.

Although it’s always been just “a matter of time” before Apple started doing this (they’ve always done this with the BBTicket), it’s still a significant move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming OTA “delta” updates).

The Dev-Team teases that it may have found a way to combat the new checks, but says discussing the exploits would be fruitless whilst the firmware is still in beta stages and is not available to the public. It acknowledges that Apple has begun to get tough on device modifications, stating: “we’re just letting you know what Apple has already done in their existing beta releases — they’ve stepped up their game!”

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with