iPhone

Hackers Just Dropped a Jailbreak They Say Works for All iPhones

The new unc0ver jailbreak relies on a vulnerability that the researcher who found it says Apple is unaware of.
24 May 2020, 12:29am
iPhone Jailbreak

On Saturday, hackers and developers released the first public jailbreak for Apple's iOS operating system that they say works at launch on all iOS devices. A hacker who worked on the jailbreak says it works by taking advantage of a vulnerability in iOS that Apple is not aware of, or a so-called zero day.

The news signals the first time a jailbreak has been released that works on all devices on launch day since iOS 10, according to iOS security researcher Pwn20wnd, who discovered the underlying vulnerability powering the new jailbreak.

"iPhones are getting more secure every year because Apple is learning their mistakes from public jailbreaks or attacks they find in the wild," Pwn20wnd told Motherboard in an online chat.

A jailbreak is, generally speaking, a bundled piece of software that once loaded onto an iPhone lets a user bypass the ordinary limitations of iOS, allowing them to install apps outside of Apple's official App Store, for instance. They typically have to take advantage of vulnerabilities in iOS itself to achieve that sort of access. In unc0ver's case, the jailbreak leverages a vulnerability in the kernel, a particularly powerful layer of the operating system.

Pwn20wnd told Motherboard that iPhone case company Phone Rebel had bought advertising space inside the jailbreak application.

Often security experts warn users against jailbreaking their devices as it can potentially open their devices to other forms of attack. In this case, Pwn20wnd said that iOS security mechanisms remain intact, though that's a very difficult claim to verify at this time. Apple did not respond to a request for comment on this characterization.

Do you work at Apple or did you used to? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Apple will likely try to identify the vulnerability that unc0ver uses.

"Sooner or later, they will. But that's just the nature of it," Pwn20wnd said. "It will most likely take them at least 2 or 3 weeks to release a patch. Even when they release a patch, users can downgrade to the previous iOS version for about 2 weeks usually, and after that, the users should stay on their versions so that the jailbreak keeps working."

Pwn20wnd said they didn't think the existence of this jailbreak means that the security of Apple's iOS devices is getting worse.

"It's just a big target for attackers," they said. "Apple is constantly adding more features to iOS that introduce new attack surfaces."

After a long stretch of relative dormancy, researchers have recently released more public jailbreaks for modern iOS devices. In August 2019, developers released the first public jailbreak for up-to-date iPhones in years, after Apple reintroduced a security vulnerability the company had initially fixed.

Motherboard reported earlier this week that for months hackers and researchers have been trading a leaked copy of the latest version of iOS, which isn't expected to release officially until September.

Subscribe to our cybersecurity podcast, CYBER.

This article originally appeared on VICE US.