Popular iOS jailbreaker iH8sn0w tweeted yesterday that he has found a “loophole” in Apple’s APTicket system for signing firmware. For those who don’t know, Apple began requiring approval from its servers before allowing a device to restore to a given firmware version, so it could keep people from downgrading to older, less secure versions.
This originally used SHSH blobs, but those were cracked fairly quickly, and a spoof server was set up that allowed devices with saved SHSH blobs to downgrade. However, as iOS 5 came around, Apple began transitioning to a new system known as APTicket. This was generally more secure than SHSH blobs, and it was believed that it would pose a problem for downgrading from newer firmwares.
Yesterday, iH8sn0w tweeted that he had found a security hole in the APTicket system that will allow downgrading from iOS 5.1. This is great news for anyone who updated to 5.1 accidentally and lost their jailbreak. The downgrade system will work on all A5 devices, and on A5X devices once a new firmware is released for them. Stay tuned for more updates regarding this news.