New unc0ver jailbreak works on all modern iOS devices
Just as Apple released iOS 13.5 to the world, hackers at unc0ver announced that they had developed a jailbreak that would work on devices running iOS 11 all the way up to the brand new iOS 13.5.
In what follows, we’ll try to answer some common questions about the unc0ver jailbreak. Along the way, we’ll discuss the whys and whats of jailbreaking, and explain what it all means for average iOS users in terms of security and privacy.
What is unc0ver?
Unc0ver is a jailbreak tool for iOS devices. It can be loaded onto an iPhone using one of several methods. Once active, unc0ver gives the user control over their device to an extent not ordinarily permitted by Apple.
Why do people jailbreak iOS devices?
Some people jailbreak their devices so that they can install apps that aren’t available in the App Store. Others want to make customizations and tweaks to their devices for functional or aesthetic reasons. Many security researchers use jailbreaks to get a closer look at what iOS is doing “under the hood” — so that they can better understand and defend against threats to the platform.
Apple has historically made it very difficult to do any of these things on iOS devices. Its argument has always been that the famously locked-down mobile operating system is necessary in order to protect users. It’s also a safe bet that the company just doesn’t want too many people poking around its codebase — both for security and intellectual property reasons.
In any event, the end result is that people who want more control over their devices turn to jailbreaks to get it.
How does unc0ver work?
Under normal conditions, it’s not possible for iOS users to gain the kind of “root” access, or administrative rights, that they have on jailbroken devices. There is a built-in system of safeguards designed to prevent exactly this from happening.
However, from time to time someone discovers a security flaw that allows them to bypass the normal restrictions and acquire the kind of permissions needed to install unapproved apps, add customizations, and see behind the scenes of the operating system — in other words, to jailbreak a device. Again, this isn’t supposed to happen, but no system is completely secure (alas, not even iOS).
The unc0ver jailbreak exploits a vulnerability in the kernel, or core code, of iOS. It is classified as a “semi-untethered” jailbreak. This means that initially, the jailbreak tool has to be installed on the iOS device using a connection to a computer — and that on each boot, the device will revert to its normal, pre-jailbroken state. However, once the jailbreak app is installed for the first time, it only has to be launched again in order to re-jailbreak the phone after booting up.
Interestingly, the developers of the unc0ver jailbreak say that for safety reasons, it doesn’t affect standard iOS sandboxing protections. This means that all apps running on the jailbroken device are prevented from accessing data and locations that they shouldn’t have access to.
Are jailbreaks dangerous?
The short answer is: yes and no, depending on who you ask — and on what you mean by “dangerous”.
If you say that jailbreaking an iOS device should never be done by anyone under any circumstances, you’ll quickly hear passionate objections from security researchers and casual jailbreakers alike. These folks tend to dislike Apple’s heavy-handed approach to controlling what happens on their devices — and they correctly point out that the jailbreak community has contributed a great deal to iOS device security and secure app development.
Those are fair points — but it would also be a bit disingenuous to claim that jailbreaking is perfectly safe. For one thing, if you load unvetted apps onto your phone, you are definitely exposing yourself to additional risks. To be frank, Apple has enough trouble keeping the bad stuff out of the actual App Store — and when you install an app from an unofficial source, all bets are off. While jailbreak developers may take steps to leave Apple’s sandboxing protections intact, you’re still trusting them to a.) actually do what they say they’re going to do and b.) get the implementation right. Regarding the latter point, a quick perusal of past iOS security update notes should be enough to demonstrate that even Apple has trouble making sure apps stay in their lanes!
In addition, there are other factors to think about. For one thing, jailbreaking an iOS device technically voids the warranty. While some will argue that just updating a jailbroken device will remove all traces of a previous jailbreak — at least well enough to pass the kind of inspection you’re likely to encounter at an Apple Store — it’s something to be aware of. Furthermore, there are functionality issues to consider. Some official App Store apps come equipped with jailbreak detection, and will refuse to run on a jailbroken device. If your PayPal or banking app fails to work when you really need it, that could be a high price to pay for a slick custom look on your iPhone.
All in all, we’d say that while jailbreaking a device isn’t automatically going to hurt you, it does constitute a calculated risk. For security professionals and experienced hobbyists who are willing to accept the possible consequences, jailbreaking an iOS device may be worth that risk. For most users, however, the potential rewards probably don’t justify it.
What does this mean for iOS security?
For most of us, a jailbreak in and of itself doesn’t mean much: We’re not going to jailbreak our devices, and it’s unlikely that someone else would have the kind of physical access they’d need to install unc0ver and then use it to do us harm.
However, jailbreaks are always, by the very fact of their existence, an indication that something has gone seriously wrong with iOS security. Remember that jailbreaks aren’t even supposed to be possible; the only reason they work is that someone found a previously unknown vulnerability that can be used to gain root access on an iOS device.
While jailbreakers aren’t using the vulnerability to do anything wrong, it still exists — and usually, Apple is just finding out about it along with everyone else. Bad actors could conceivably find a way to exploit the vulnerability for malicious purposes. If they do this before Apple can figure out how to patch the flaw and roll out an update, there could be a security risk to iOS users.
How can I stay safe?
At this point, it’s a waiting game. Apple is no doubt working overtime on a patch to whatever kernel vulnerability was used by unc0ver. Since all signs point to Cupertino being caught off guard on this one, we’re probably looking at a timeframe of weeks instead of days, but that’s really just an educated guess — the only people who truly know are Apple’s development teams, and they’re not likely to issue a public statement on their progress before the fix is available.
In the meantime, the best thing to do is to keep calm and practice good mobile device security.
Be especially careful when installing new apps. If you’re not familiar with the developer, or you’re not 100% sure about their reputation for secure development, it might be better to hold off until the OS update arrives. In addition, pay special attention to how you handle emails and messages. Be vigilant about only opening attachments and clicking on links that come from trusted sources — and remember that this applies not only to emails, but also to content that arrives via messaging apps. Finally, consider setting up automatic updates on your iOS device if you haven’t done so already. That way, when Apple eventually releases the patch for this kernel vulnerability, you won’t have to do anything to upgrade your device.