Ethical hackers have released an advanced jailbreak tool that exploits a zero-day vulnerability to support the latest iOS 13.5 version.
A crew of hackers collectively calling themselves Unc0ver have masterminded a tool allowing users to jailbreak iOS 11 and later, including iOS 13.5 that went live just last week. The utility circumvents the security and software limitations built into iDevices. To deliver this full-blown functionality, the current version 5.0.1 of the tool reportedly harnesses a zero-day vulnerability in the XNU kernel tasked with managing the hardware facet of Apple’s mobile gadgets. By leveraging Unc0ver, users are able to install apps beyond the range of Apple-approved ones. Plus, it brings elevated “superuser” privileges to one’s fingertips. According to the developers, the jailbreak doesn’t affect the battery life, nor does it prevent users from enjoying Apple proprietary services or reduce the security provided by the iOS sandbox. Features like FaceTime, Apple Pay, iCloud, and iMessage will continue to work seamlessly. At the time of this publication, the Cupertino company’s engineers haven’t officially verified the tool’s code or commented on the previously unknown loophole that the hackers have allegedly exploited.
On a side note, iOS jailbreaking isn’t prohibited under the Digital Millennium Copyright Act (DMCA). While categorized as legal, though, it could be a slippery slope. Interfering with the normal condition of the mobile operating system is likely to diminish the native defenses. Moreover, since it allows for installing uncertified software from outside of the Apple App Store, the odds of getting hit by malware disguised as something legit increase dramatically. Whereas the Unc0ver team has reassured the community about the intactness of the built-in iOS security mechanisms and no chance of personal data exposure, well-motivated cybercriminals might prove this wrong down the line.
The jailbreak tool under scrutiny has become a whole new milestone in this type of activity. Apple has been consistently pulling the plug on this phenomenon over the past years, which made the actors behind quite a few popular jailbreak-focused initiatives to call it quits. Unc0ver has presumably changed this. To apply the hack – which is free, by the way – users will need a USB cord to tether their iDevices with a macOS or Windows computer that has an additional application installed. To pull off this hack using a Linux machine, an Apple developer account is required. It’s noteworthy that this process doesn’t have to rely on an external device as long as the gadget has been jailbroken before. If done correctly, the jailbreak stays in effect after regular iOS updates and device restarts. To revert to a pre-jailbreak state, all it takes is restoring the original operating system settings.
As was the case with previous hacks of that sort, Apple will probably roll out an iOS update patching the still-undisclosed security flaw sometime soon. In the meanwhile, users should weigh up the pros and cons carefully before taking this route. No matter how sophisticated and foolproof the Unc0ver v5.0.1 tool is claimed to be, jailbreaking is potentially risky business that might entail security and privacy issues.