A jailbreaking tool that claims to work with iPhones running iOS 11.0 to the latest iOS 13.5,was released on Saturday, one that takes advantage of a zero-day exploit that Apple has yet to fix.
Announced a few days before its Saturday release, the latest version of “unc0ver” tool uses an unspecified zero-day exploit that was discovered by researcher “pwn2ownd.” Version 5.0 is now claimed to be capable of jailbreaking “every signed iOS version on every device.”
Wednesday’s announcement of the tool’s update arrived within hours of Apple’s release of iOS 13.5, which included various features and tweaks to help users cope with the ongoing coronavirus pandemic. These changes include altering how Face ID treats users wearing face masks, and the inclusion of the Exposure Notification API.
According to the tool’s website, the jailbreak has been “extensively tested” to work on all iOS device versions between version 11.0 and 13.5. It is also claimed to be “utilizing proper and deterministic techniques” for a stable jailbreak, as well as “utilizing native system sandbox exemptions” to keep the device secure while still allowing access to jailbreak files.
The security claim is unusual, as jailbreaks rely on a flaw in iOS security procedures and mechanisms in order to function, but this claim is difficult to verify.
The process of performing the jailbreak on an iPhone is a relatively lengthy procedure, with the number of steps required making it potentially daunting to most users. While jailbreaking offers some benefits including allowing apps to be installed without going through the official App Store, the procedure shouldn’t be attempted by typical iPhone users without good reason.
It is unclear how long the jailbreak will be functional for, as Apple is highly likely to be working on discovering and fixing the vulnerability. In August 2019, a version of unc0ver was released to take advantage of a vulnerability Apple mistakenly unpatched in iOS 12.4, a fix that was quickly repaired by the company.