"This jailbreak basically just adds exceptions to the existing rules," Unc0ver's lead developer, who goes by Pwn20wnd, told WIRED. "It only enables reading new jailbreak files and parts of the filesystem that contain no user data."
Early public reactions to the jailbreak, including from researchers who tested it before its release, indicate that it works as intended. But the community hasn't yet had time to fully assess the jailbreak or Unc0ver's claims about its security protections. And the tool isn't open source, which means it will be more difficult to analyze.
The jailbreaking heyday of iOS largely wound down with the release of iOS 9 in 2015; that's when Apple introduced a new kernel security feature called Rootless and other initiatives to safeguard iOS. But over the last year, the community has begun to storm back. In August, Apple accidentally reintroduced a previously patched flaw in iOS 12.4 that gave enthusiasts a few days of jailbreaking before reinstating the fix. Then in September, a researcher published details of an unpatchable Apple hardware flaw that could be exploited to jailbreak virtually every type of Apple mobile device released between 2011 and 2017, including iPhones, iPads, Apple Watches, and Apple TVs. Known as checkm8, the disclosure marked a turning point, since it promised unprecedented open access to a large population of Apple mobile devices. But checkm8 didn't extend to devices Apple released after 2017.
Today's Unc0ver jailbreak is the first built on a so-called zero-day vulnerability in years. This means that Unc0ver did not disclose its findings to Apple in advance, and that there's no patch coming in the next few days that will block the jailbreak. The flaw is in iOS's kernel, the program at the heart of an operating system. Both Pwn20wnd and independent iOS security researchers estimate that it will take Apple two to three weeks minimum to prepare a fix unless they have already found the bug independently and are in the process of patching it. Apple did not return a request from WIRED for comment.
"I am just personally excited to see a no-bullshit jailbreak dropped for the latest iOS," says Will Strafach, a longtime iOS jailbreaker and creator of the Guardian Firewall app for iOS. "It’s very in line with the early jailbreak spirit."
"It is a great accomplishment," says axi0mX, the researcher who discovered checkm8. "Pwn20wnd was able to find his own vulnerability in iOS and use it to make another jailbreak."
Though attackers can use jailbreaking to compromise devices, since it often opens the door to installing more types of malware, the research community generally embraces the practice. Jailbreaks make it easier to remove Apple's restrictive protections, analyze how iOS behaves, and probe potential weaknesses and flaws. Apple and iOS-focused security researchers have been locked in an increasingly heated battle over the tradeoffs of Apple's stringent security protections. Researchers say that these defenses can make basic security assessments—like whether an iOS device has been compromised by malware—harder to execute. Apple sued the security company Corellium last year for making an iOS emulator that researchers can use to analyze the operating system.