Lily Hay Newman
At this point, Apple has locked iOS down enough that a full jailbreak—unlocking a device to install whatever you want on it—of current releases is extremely rare. When such a capability does exist, it’s usually kept quiet and sold for millions of dollars by exploit brokers. But now, thanks to an apparent Apple gaffe, the latest version of iOS can be jailbroken at this very moment. There’s even code to do it on Github.
As first reported by Motherboard, researchers discovered over the weekend that in its recent iOS 12.4 release, Apple had accidentally rolled back a patch that fixed a bug from iOS 12.3. As a result, it’s possible to exploit the vulnerability to jailbreak iOS 12.4, making it the first current-version iOS jailbreak to be publicly disclosed in years.
“It’s really a surprise to see,” says Will Strafach, a long-time iOS jailbreaker and founder of Sudo Security Group. “It’s been so long since an up-to-date firmware could be jailbroken. But now that Apple knows, it won’t be for long. I expect an update within a few days.” Apple did not return a request from WIRED for comment.
“It puts millions of iOS users at risk.”
Patrick Wardle, Jamf
Jailbreaking allows iOS users to add apps and other functions that Apple wouldn’t normally permit to their iPhones. iOS has rigid limitations that are at least partly meant to protect users from malicious apps, but that also preserve Apple’s control over the ecosystem. As a result, jailbreaking erodes some system protections, but also allows users to break free from Apple’s constraints.
Hacker Pwn20wnd posted a public version of the jailbreak on Monday that iOS users are already using to redesign the look of their iOS home screens and install unapproved apps. Researchers have warned, though, that jailbreaking potentially makes a device less secure, undermining protections that keep apps from reading each other’s data, and opening the iPhone to potential attacks. An unscrupulous developer could even add functionality to an App Store-approved app that would trigger a jailbreak when a user installs it.
“This is rather inexcusable, as it puts millions of iOS users at risk,” says Patrick Wardle, principal security researcher at the Mac management firm Jamf. “And the irony, as others have already noted, is that since Apple doesn’t allow us to downgrade to old versions, we’re really kind of sitting ducks.”
Sudo Security’s Strafach says that in detailed scans of the App Store he hasn’t seen any such malicious behavior cropping up so far. But the threat remains, as does the risk that attackers might use other paths to compromise devices—tainted third-party apps, Apple’s enterprise distribution certificates, or other remote exploits.
As a jailbreaking fan, though, Strafach also sees opportunities for exploration and insights that outweigh the risks. And he notes that as iOS has matured, jailbreaks have gotten harder to weaponize when they do crop up. But it’s still not something to undertake lightly.
The bigger significance of the incident relates to longstanding tensions between Apple and the security research community. The company announced earlier this month that it was finally launching a Mac bug bounty, after introducing an iOS program in 2016. And Apple even said this month that it will distribute special iPhones that are less restrictive than their consumer counterparts to security researchers. But the company is also in the process of suing the mobile security testing firm Corellium for copyright infringement, because Corellium offers a virtual iOS build that researchers can test on remotely. Both Wardle and Strafach point out that Corellium’s tool could have been used to catch the mistakenly reintroduced vulnerability in iOS 12.4.
“This shows that Apple continues to struggle with security—even on iOS which is clearly their priority,” Wardle says. “And this was uncovered by an independent security researcher, which illustrates the value such researchers add. Apple’s more communicative approach with their new bug bounty program is good, but their attempts to shut down researcher tools like Corellium are bad.”
Whether you take the risk of jailbreaking your iPhone today or not, it seems like lately Apple is the one living on the edge.
More Great WIRED Stories