New TrollStore Tool Permanently Installs Apps on Non-Jailbroken iOS Devices
By Waqas
TrollStore was released on 3rd September 2022 as a new iOS tool that lets users permanently install any application on a non-jailbroken device. This is a capability that threat actors have been waiting on for a long time.
With the arrival of TrollStore, the security of iOS devices is seriously threatened. For your information, jailbreaking a device means modifying its software to remove the restrictions imposed by the carrier or the manufacturer.
Why is TrollStore a Threat?
That’s because, due to Apple’s policies, distributing modded applications was an even bigger obstacle than the modding process itself. The tool affects all iOS versions from iOS 14.0 to 15.4.1.
On GitHub, its developers explained that,
“TrollStore is a permasigned jailed app that can permanently install any IPA you open in it. It works because of the CoreTrust bug that ONLY affects iOS 14.0 – 15.4.1 (15.5b4). NOTE: TrollStore will NEVER work on anything higher than iOS 15.5 beta 4 (No not on iOS 15.5, not on iOS 15.6, and certainly not on iOS 16.x), please stop asking!”
According to GuardSquare, by combining two recently discovered vulnerabilities (CVE-2022-26766 and CVE-2021-30937), TrollStore lets an adversary obtain root privileges and sign the tool with arbitrary entitlements. As a result, running the app with arbitrary permissions and characteristics becomes possible.
GuardSquare security researcher Jan Seredynski explained in their blog post that before the introduction of this tool, modded app users used to jailbreak their devices or use different approaches to install repackaged applications.
But TrollStore removes this effort and dramatically lowers the bar for installing modified apps, since the user no longer needs to jailbreak the device. There are serious repercussions for app developers, because jailbreak detection would no longer be a “valid stopgap to mitigate the majority of repackaging efforts,” Seredynski wrote.
Moreover, the most common repackaging detection solutions would not detect the repackaged app, because the CVE-2021-30937 vulnerability allows an adversary to sign the app with an arbitrary BundleID or TeamID.
How to Mitigate the Threat?
It is essential that repackaging detection solutions, for instance iXGuard, expand their checks beyond common identifiers such as TeamID and BundleID. They must verify additional indications of the app’s composition, because TrollStore re-signs the app with a new certificate.
Furthermore, it is important to detect the actual modifications to application assets and code. Finally, multiple security layers are needed to maximise mobile app security.
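To make the mitigation concrete, here is an added example (not code from the article, GuardSquare or TrollStore) that models the two detection strategies over a constructed in-memory bundle: a TeamID/BundleID check, which a re-signer that can choose those identifiers passes, next to a composition check over the signer certificate fingerprint and per-file digests, which a patched and re-signed bundle fails. All identifiers and file contents are placeholders.

```python
import hashlib
from typing import Dict

# Constructed model of an .app bundle: identity fields plus path -> bytes.
# Values are placeholders, not real iOS data.
ORIGINAL_BUNDLE = {
    "team_id": "ABCDE12345",                # placeholder TeamID
    "bundle_id": "com.example.bank",         # placeholder BundleID
    "signer_cert_sha256": "aa" * 32,         # placeholder App Store cert fingerprint
    "files": {
        "Payload/App.app/App": b"\xcf\xfa\xed\xfe original mach-o",
        "Payload/App.app/Assets.car": b"original assets",
        "Payload/App.app/Info.plist": b"<plist>com.example.bank</plist>",
    },
}

def manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Build-time step: SHA-256 of every file in the bundle, keyed by path."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in sorted(files.items())}

def identity_check(bundle, team_id: str, bundle_id: str) -> bool:
    """Weak check: trusts TeamID/BundleID, which an arbitrary signer can reuse."""
    return bundle["team_id"] == team_id and bundle["bundle_id"] == bundle_id

def composition_check(bundle, expected_manifest: Dict[str, str], expected_cert: str) -> bool:
    """Stronger check: signer fingerprint and the full file digest set must match.
    Comparing whole manifests also catches files that were added or removed."""
    return (bundle["signer_cert_sha256"] == expected_cert
            and manifest(bundle["files"]) == expected_manifest)

def repackage(bundle, patched_binary: bytes, new_cert: str):
    """Model of a modified, re-signed IPA: same IDs, new certificate, patched
    main binary and an injected library."""
    files = dict(bundle["files"])
    files["Payload/App.app/App"] = patched_binary
    files["Payload/App.app/libhook.dylib"] = b"injected library"
    return {**bundle, "signer_cert_sha256": new_cert, "files": files}

def evaluate():
    """Run both checks against the original and a repackaged copy."""
    expected = manifest(ORIGINAL_BUNDLE["files"])
    cert = ORIGINAL_BUNDLE["signer_cert_sha256"]
    tampered = repackage(ORIGINAL_BUNDLE, b"\xcf\xfa\xed\xfe patched mach-o", "bb" * 32)
    return {
        "original_identity": identity_check(ORIGINAL_BUNDLE, "ABCDE12345", "com.example.bank"),
        "original_composition": composition_check(ORIGINAL_BUNDLE, expected, cert),
        "tampered_identity": identity_check(tampered, "ABCDE12345", "com.example.bank"),
        "tampered_composition": composition_check(tampered, expected, cert),
    }
```

On a real device the check runs inside the binary the attacker can also patch, which is why the article's point about layering several defences still applies.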
I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.