The developer of the unc0ver jailbreak has given more details about his new tool for unlocking iOS devices in conversation with Wired. In addition to alternative app marketplaces such as Cydia and AltStore, Apple’s own services such as iCloud, Pay and iMessage. In addition, Apple is expected to need some time to close the underlying vulnerability.
The new version of the unc0ver tool is made possible by a zero-day vulnerability in the iOS kernel discovered by the hacker and unc0ver developer Pwn2Ownd. Until now, Apple has consistently been able to close the vulnerabilities used for jailbreaks within a few days of a jailbreak’s release. This forced users to stay on a specific version of iOS so as not to lose the freedoms of jailbreaking.
“This jailbreak basically only adds exceptions to the existing rules,” Pwn2Ownd told WIRED. “It only allows you to read new jailbreak files and parts of the file system that do not contain user data.”
Because Apple does not know the details of the vulnerability, the company may need some time to develop a patch that blocks the jailbreak. Independent security researchers estimate that it will take at least two to three weeks to plug the hole in the kernel, according to the report. However, it cannot be ruled out that Apple discovered the bug independently of Pwn2Ownd some time ago and is already working on a fix.
“Personally, I am very pleased that a reasonable jailbreak has been achieved for the latest iOS,” Will Strafach, a longtime iOS jailbreaker and developer of the Guardian Firewall app for iOS, is quoted in the report. “That’s very much in line with the early jailbreak spirit.”
A jailbreak lifts the restrictions Apple imposes on its iOS mobile operating system. Among other things, researchers can then analyze the OS and look for possible vulnerabilities. While Apple’s security measures are designed to protect users, they also prevent researchers from systematically finding vulnerabilities that could help keep iOS safe. They also make it harder to determine whether an iOS device has already been compromised. “A full-fledged jailbreak makes future security analysis easier,” Pwn2Ownd commented.
The unc0ver developer points out that installing an iOS update removes all traces of the jailbreak from a device. He also mentioned an important limitation to Wired: the kernel changes made by unc0ver do not survive a reboot. However, because the jailbreak files remain in the file system, the tool only needs to be rerun after a restart to re-enable the jailbreak.
An announcement by the exploit broker Zerodium also suggests that Apple has a security problem with iOS. Previously, Zerodium paid significantly higher bounties for certain zero-day vulnerabilities in iOS than for vulnerabilities in other operating systems. Most recently, however, the company announced that it has a sufficient supply of iOS zero-days and is therefore temporarily not buying new vulnerabilities for Apple’s mobile devices. In addition, iOS exploit prices are expected to fall soon, even for exploits that allow full control of a device. This, too, can be read as an indication that it has recently become easier to break into Apple’s operating system.
Pwn2Ownd, meanwhile, is confident that his jailbreak will work with the upcoming iOS version 14. “Depends on whether Apple can patch my kernel vulnerability before iOS 14 or not. In that case, I’ll probably offer a new zero-day jailbreak.”