From time to time in Applesfera we publish articles on IOS versions that Apple has stopped signing. Most users may not know what this means or what the consequences are. But it is an action of great importance for everyone involved.
What does it mean that an iOS version is signed
When we talk about a signed version of iOS, we mean it is digitally signed by Apple. It is a necessary element for the installation of new versions or earlier than the operating system, without which they cannot be executed. As our partner tells us Julio Cesar Muñoz, the installation process follows these steps:
Step 1: Download the version to install, either from the device itself (which has a previous version and an active internet connection) or from a computer to install using iTunes or the Finder, which also has an Internet connection.
Step 2: When starting the installation from the previous version or from the computer, take the chop version (signed by Apple) and send it to Apple servers to verify that this chop exists, which corresponds to a generated version and which is in the whitelist to be accepted as installable on a device.
Step 3: The request, in turn, is signed by a private key provided by Apple to verify that they and they alone generated the proposal.
Step 4: If everything is correct, give the system permission to start the installation.
The signature is therefore Apple’s way of check that the content installed on the device it has not been changed. And it remained intact from signing until the signature was verified again later.
A protocol to always install the latest version of iOS
As we know, Apple regularly releases new versions of iOS. In them we find both new functions, system improvements and modifications such as security fixes. These fix bugs that can allow an attacker to exploit them, causing the device to do things it is not supposed to do.
In early 2021, Apple released iOS 14.4, a version that fixed two security bugs that the company said had been exploited by a third party. Errors like these can also allow perform the jailbreak
For several years, the “ jailbreak ” will escape Apple updates
Specifically, it only took two weeks between the release of iOS 14.4.1 and the removal of the signature from iOS 14.4. And in recent years, the community jailbreak will tow iOS updates. For example, unc0ver released a tool to do jailbreak until iOS 14.3 last March. iOS 14.3 was released in mid-December 2020 and was replaced by iOS 14.4 at the end of January of this year.
A good security measure to protect and keep your devices up to date
One way to access an iPhone or iPad is to install an older version of an operating system (something called downgrade). The one we know has one or more errors that would allow us to access the device, when with the current version it is impossible. Therefore, if the version with the bug is unsigned, it will be impossible for us to install it.
There is a way around this obstacle, although it does require the user to register the blobs SHSH from your device with a signed version of iOS. So that it must be kept preventively each time. And it also doesn’t work for devices that we don’t have constant access to if we can’t register the blobs.
By digitally signing only the most recent iOS versions, which can be viewed for each device here, Apple ensures that when a user updates their device, he does it until the last. Intermediate versions are avoided, which of course would have errors and unpatched bugs in newer ones. This also saves the user from having to suffer more than one update, shortening the steps to the latest available.
As we can see, stopping signing iOS versions is not a minor task for Apple. Help keep us in the loop and prevent this from happening downgrade to an old version of iOS for harmful purposes.