Apple’s efforts to discourage iOS jailbreaking have typically left enthusiasts waiting a while until code sleuths discover a flaw that lets them bypass safeguards and break some of the platform’s rules. Not this time around, though. The Unc0ver team has released (via TechCrunch) a jailbreak that works with every iPhone that runs iOS 11 or newer, including iOS 13.5 — yes, Apple’s days-old release is already eligible. This may be appealing to fans willing to take the risks associated with jailbreaking (don’t do this unless you’re aware of what could go wrong), but the effect is a mixed bag that says as much about Apple’s security concerns as anything else.
Lead developer Pwn20wnd told Wired that this only really “adds exceptions to the existing [security] rules.” It should maintain user data protections, preserve Apple’s sandboxing (to prevent apps from accessing unauthorized info) and allow secure features like Apple Pay and iMessage. However, it’s based on a zero-day exploit. The same flaw that allows derestricting iOS could also be used for malicious purposes, and it may take a while for Apple to patch the vulnerability. Jailbreaking can also the number of conduits for attacks simply by removing some barriers, and there hasn’t been enough time to assess just what added security risks there are, if any.
However safe the jailbreak may be, it underscores a resurgence of iOS security issues in recent months. A Mail app vulnerability raised concerns in April, although Apple said the practical risk was lower than some claimed. The iOS 14 leak has also left some worried that attackers might have months to prepare exploits before Apple even ships the new software, although there’s a lot that could change between now and the official debut. Add to that claims of a surfeit of iOS flaw reports and security appears to be more of an issue for Apple that it has in the past, even if the practical threat isn’t necessarily high.