Every so often, in Applesfera we publish articles talking about iOS versions that Apple has stopped signing. Most users may not know what this means or what the consequences are. But it is an action of great importance for everyone involved.
What does it mean that an iOS version is signed?
When we talk about a signed version of iOS, we mean that it bears Apple’s digital signature. It is a necessary element for the installation of new versions or earlier than the operating system, without which they cannot be performed. As our partner tells us Julio Cesar Muñoz, the installation process follows these steps:
Step 1: the version to be installed is downloaded, either from the device itself (which has a previous version and an active internet connection) or from a computer to install using iTunes or the Finder, also having an internet connection.
Step 2: when starting the installation from the previous version or from the computer, take the hash version (signed by Apple) and sends it to Apple servers to verify that this hash exists, which corresponds to a generated version and which is in the white-list to be accepted as installable on a device.
Step 3: the request, in turn, is signed by a private key provided by Apple to verify that they and only they have generated the proposal.
Step 4: If everything is correct, give the system permission to start the installation.
The signature is, therefore, Apple’s way of control that the content installed on the device it has not been altered. And it has remained intact from when it is signed until the signature is verified again later.
A protocol to always install the latest version of iOS
As we know, Apple releases new iOS versions regularly. In them we find both new functions, system improvements and changes such as security patches. The latter fix bugs that can allow an attacker to exploit them, causing the device to do things that it is not supposed to do.
In early 2021, Apple released iOS 14.4, a version that fixed two security bugs that the company believed had been exploited by a third party. Errors like these can also allow perform the jailbreak to a device. Hence the interest in exploiting this type of failure. The problem for them is that Apple stops signing older versions of iOS shortly after releasing a new one.
For several years, the ‘jailbreak’ is going to slipstream from Apple updates
Specifically, it took just two weeks between the release of iOS 14.4.1 and de-signing iOS 14.4. And in recent years, community jailbreak goes towing iOS updates. For example, unc0ver released a tool to do jailbreak up to version of iOS 14.3 last March. iOS 14.3 was released in mid-December 2020 and was superseded by iOS 14.4 in late January of this year.
A good security measure to protect and keep your devices up to date
One way to access an iPhone or iPad is by installing an old version of an operating system (something known as downgrade). One that we know has one or more errors that would allow us to access the device, when with the current version it is impossible. That is why if the version with the bug is not signed, it will be impossible for us to install it.
There is a way around this impediment, although it requires the user to save the blobs SHSH of your device with a signed version of iOS. So that we must keep it preventively every time. And it also does not work for devices to which we do not have constant access if we can not save the blobs.
By digitally signing only the most current iOS versions, which can be viewed for each device here, Apple ensures that when a user updates their device, he does it to the last. Intermediate versions are avoided, which, of course, would have errors and uncorrected bugs in the most recent ones. It is also avoided that the user has to suffer more than one update, shortening steps to the latest available.
As we can see, stop signing iOS versions is not a minor task for Apple. Helps keep us up to date and prevents it from being done downgrade to an older version of iOS for nefarious purposes.