Hackers released a new jailbreak tool that works on Apple’s just-released iOS 13.5.
On Saturday (23 May), a hacking group called Unc0ver released a new ‘jailbreak’ tool for iPhones. The software tool unlocks all versions of the iPhone operating system between iOS 11 and the recently launched iOS 13.5.
By exploiting bugs in the iOS operating system, it allows users to bypass Apple’s settings that prevent users from having full control of their devices.
Users can then install apps and make changes to the device that aren’t authorised by Apple. However, users may also remove the security protections that Apple has built into its mobile operating system.
Wired reported that this is the first time in years that a jailbreak has been available for a current version of iOS for more than a few days.
The latest jailbreak
Unc0ver told Wired that the tool is available on jailbreaking platforms AltStore and Cydia, and that it does not drain battery life or prevent the use of Apple services such as iCloud, Apple Pay or iMessage.
The group claimed that the jailbreak preserves user data protections and does not undermine iOS sandbox security, though Wired said that the infosec community hasn’t had time to assess whether these claims are true or not.
Unc0ver lead developer, Pwn20wnd, told Wired: “This jailbreak basically just adds exceptions to the existing rules. It only enables reading new jailbreak files and parts of the file system that contain no user data.”
TechCrunch said that Unc0ver’s jailbreak is “not expected to last forever”, as Apple is likely working to patch the flaws that made it possible.
The publication also warned that security experts typically advise iPhone users against jailbreaking, as breaking out of Apple’s ‘walled garden’ security offerings can increase the surface area for new vulnerabilities to exist.
Raising questions about security
Less than a week ago, Vice Motherboard reported that hackers got a hold of the new iOS 14, months before it was due to be released.
Sources in the jailbreaking community said they believed an individual obtained a development iPhone 11 running a version of iOS that was designed for use only by Apple developers. The iOS 14 internal build was then reportedly extracted and distributed it to the hacking community.
Meanwhile, TechCrunch reported that exploit broker Zerodium will no longer buy certain iPhone vulnerabilities because “there were too many of them”.
In April, Apple also had to deal with buzz around security flaws in its native email app, which were discovered by security researchers at ZecOps. Apple denied that these flaws were exploited by hackers.