The hacker group UncOver has released a new jailbreak tool for iOS devices that includes the most recent 13.5 release of the operating system.
Jailbreaking is the process of hacking an iOS device to allow users to remove software restrictions put in place by Apple. A jailbroken phone allows users to install third-party software not available in the App Store and gives them the ability to customize the devices.
The new jailbreak release, Unc0ver 5.0.0. jailbreaks iOS from versions 11.0 onward and exploits a “zero-day” vulnerability that Apple Inc. is not aware of. The tool is said to be the first zero-day jailbreak release since iOS 8.
Notably, a jailbreak was released for some iOS devices in August, but that tool, released by Pwn20wnd, exploited a vulnerability in iOS devices that had been patched by Apple from iOS version 12.3 and later. Pwn20wnd, as a member of the Unc0ver team, discovered the zero-day vulnerability used in the new jailbreaking tool.
The tool can be used from iOS, macOS, Windows and Linux. Unc0ver said that the jailbreak is stable and doesn’t drain battery life or prevent the use of Apple services such as iCloud, Apple Pay or iMessage. “This jailbreak basically just adds exceptions to the existing rules,” Pwn20wnd told Wired. “It only enables reading new jailbreak files and parts of the file system that contain no user data.”
Although early reviews for the release are positive, jailbreaking an iOS device still presents a potential security risk. iOS may not have the same freedom to install apps and customize appearance that Android has, but Apple has always countered that it provides a higher level of security. By opening the door to nonreviewed iOS apps, users run the risk of installing malware and other nefarious apps on their devices.
Apple has yet to respond to the news but it can be easily guessed that they’ll be looking to identify the zero-day vulnerability used by Unc0ver and seeking to patch it as soon as possible. In the smaller jailbreak in August, Apple delivered a patch for the exploited vulnerability in seven days. Presuming that new vulnerability can be patched, a similar reaction can be expected again.
From: siliconangle.com Image: Unc0ver