Over the years, Apple has made it prohibitively difficult to jailbreak iOS, which lets you install whatever software you want want on the normally locked-down devices. But on Saturday, the jailbreaking team Unc0ver released a tool that will jailbreak all versions of iOS from 11 to the 13.5. It’s been years since jailbreak has been available for a current version of iOS for more than a few days-making this yet another knock on Apple’s stuttering security image.
Unc0ver says that its jailbreak, which you can install using the longtime jailbreaking platforms AltStore and Cydia (but maybe don’t unless you’re absolutely sure you know what you’re doing) is stable, and doesn’t drain battery life or prevent use of Apple services like iCloud, Apple Pay, or iMessage. And the group claims that it preserves Apple’s user data protections and doesn’t undermine iOS’s sandbox security, which keeps programs running separately so they can’t access data they shouldn’t.
“This jailbreak basically just adds exceptions to the existing rules,” Unc0ver’s lead developer, who goes by Pwn20wnd, told WIRED. “It only enables reading new jailbreak files and parts of the filesystem that contain no user data.”
Early public reactions to the jailbreak, including from researchers who tested it before its release, indicate that it works as intended. But the community hasn’t yet had time to fully assess the jailbreak or Unc0ver’s claims about its security protections. And the tool isn’t open source, which means it will be more difficult to analyze.
“It’s very in line with the early jailbreak spirit.”
Will Strafach, Guardian Firewall
The jailbreaking heyday of iOS largely wound down with the release of iOS 9 in 2015; that’s when Apple introduced a new kernel security feature called Rootless and other initiatives to safeguard iOS. But over the last year, the community has begun to storm back. In August, Apple accidentally reintroduced a previously patched flaw in iOS 12.4 that gave enthusiasts a few days of jailbreaking before reinstating the fix. Then in September, a researcher published details of an unpatchable Apple hardware flaw that could be exploited to jailbreak virtually every type of Apple mobile device released between 2011 and 2017, including iPhones, iPads, Apple Watches, Apple TVs. Known as checkm8, the disclosure marked a turning point, since it promised unprecedented open access to a large population of Apple mobile devices. But checkm8 didn’t extend to devices Apple released after 2017.
Today’s Unc0ver jailbreak is the first built on a so-called zero day vulnerability in years. This means that Unc0ver did not disclose its findings to Apple in advance, and that there’s no patch coming in the next few days that will block the jailbreak. The flaw is in iOS’s kernel, the program at the heart of an operating system. Both Pwn20wnd and independent iOS security researchers estimate that it will take Apple two to three weeks minimum to prepare a fix unless they have already found the bug independently and are in the process of patching it. Apple did not return a request from WIRED for comment.
“I am just personally excited to see a no-bullshit jailbreak dropped for the latest iOS,” says Will Strafach, a longtime iOS jailbreaker and creator of the Guardian Firewall app for iOS. “It’s very in line with the early jailbreak spirit.”
“It is a great accomplishment,” says axi0mX, the researcher who discovered checkm8. “Pwn20wnd was able to find his own vulnerability in iOS and use it to make another jailbreak.”
Though attackers can use jailbreaking to compromise devices, since it often opens the door to installing more types of malware, the research community generally embraces the practice. Jailbreaks make it easier to remove Apple’s restrictive protections, analyze how iOS behaves, and probe potential weaknesses and flaws. Apple and iOS-focused security researchers have been locked in an increasingly heated battle over the tradeoffs of Apple’s stringent security protections. Researcher say that these defenses can make basic security assessments-like whether an iOS device has been compromised by malware-harder to execute. Apple sued the security company Corellium last year for making an iOS emulator that researchers can use to analyze the operating system.