Hackers have released a new jailbreak that allows any user to get root access on any iPhone, regardless of hardware, as long as iOS 11 or higher is running.
Called Unc0ver, the exploit only works if someone has physical access to an unlocked device and connects it to a computer. Because of these requirements, the jailbreak is unlikely to be used in most malicious scenarios, e.g. by malware that secretly obtains unrestricted system privileges on an iPhone or iPad. Unc0ver's inability to survive a restart also makes it less likely to be used in hostile situations.
Unc0ver is better understood as a tool that lets users remove the locks Apple developers have put in place to restrict important functions such as installing apps, monitoring operating system functions, and various other customizations that are standard on most other operating systems. With the jailbreak, users can, for example, obtain a UNIX shell with root rights on the iPhone. From there, users can run UNIX commands to do what they want.
"From a developer and research perspective, that's the greatest attraction for me," said Will Strafach, jailbreaking expert and founder of the company that develops the Guardian Firewall and VPN for iOS. "I am sure that other answers will also be available, such as themes and the use of unauthorized apps such as terminals / emulators / etc."
There are several ways to jailbreak. The easiest way is to install AltStore on a Mac or PC (the Windows version is still in beta). The app offers an alternative to the Apple-approved App Store. From there, users complete a series of steps in AltStore to download, sign, and, after connecting the device with a Lightning cable, run the Unc0ver binary on the device. Other methods include installing the jailbreak using the Xcode development environment for iOS or using Cydia Impactor, a graphical user interface for working with mobile devices. The Unc0ver developers offer step-by-step instructions for all methods.
Unc0ver is released eight months after the debut of Checkm8, a jailbreak that takes advantage of an irreparable bug in the iOS bootloader. Checkm8 also requires users to have physical access to an unlocked phone. The jailbreak only works on 12 generations of iPhone, from the 4S to the X, but since it targets the physical boot loader, the exploit works on these devices in the long run.
In contrast, Unc0ver works on any device running an iOS version released since September 2017. The bug that the new jailbreak exploits is in the core of the operating system. That means unc0ver is less able than Checkm8 to disable or bypass certain iOS restrictions and security mechanisms. For example, unc0ver does not offer access to JTAG, an interface for debugging and emulating processors.
As with most jailbreaks, the biggest risk of unc0ver is that less experienced users use their unrestricted access to disable important settings or do other unwise things. There is also the possibility of data loss. The team that discovered the iOS zero-day vulnerability and wrote the code that exploits it is also known as unc0ver. The group has many years of experience in developing well-functioning apps. Assurances made by members in this weekend's announcement include:
- No additional security holes
- No impact on stability or battery life
- Compatible with iCloud, iMessage, FaceTime, Apple Pay and most other Apple services
- Allows installation of future iOS updates (though probably not one that breaks unc0ver)
Apple will inevitably resolve the vulnerability relatively quickly. People who want to try unc0ver have a limited amount of time to act.