Unc0ver: Jailbreak for iOS 11 to 13.5 available!

M.Sc. Chris Wojzechowski

Since Saturday, a non-permanent and fully reversible jailbreak has been available for iOS 11 to 13.5. The ability to break out of Apple's operating system rests on a zero-day vulnerability in the kernel. The developers are confident that the jailbreak will also work on iOS 14. By releasing the jailbreak, the developers forgo participation in a bug bounty program.

Is it still worth breaking out of Apple’s mobile operating system today?

There were times when jailbreaking the iPhone was considered good manners. Features such as the flashlight, which are now firmly built into iOS, were already usable on jailbroken devices back then.

For security researchers
The publication of the current jailbreak is especially interesting for security researchers. It allows a deeper look into the system and makes it easier to analyse and research the security of individual apps. However, it must be kept in mind that breaking out of Apple's operating system brings increased security risks.

For users
As a rule, a jailbreak is not worthwhile for end users. Even though the jailbreak is not permanent, i.e. it has to be reapplied after every restart of the operating system, the benefit is limited. If you still want to use the jailbreak for iOS, you should make a backup beforehand so that the device can be restored to that point.

This is especially worthwhile if services such as iMessage or Apple Pay no longer work as before. With earlier jailbreaks these limitations quickly became noticeable. Applying a jailbreak could also affect the warranty of the device. None of this happens with the now published jailbreak.

[Screenshot: "The unc0ver jailbreak - compatible, stable and secure". The current jailbreak with instructions is available at unc0ver.dev. Source: unc0ver.dev]

Who is behind the jailbreak for iOS?

Behind the release is a group called unc0ver. According to Wired, a zero-day vulnerability was found and exploited to perform the jailbreak. Alternatively, the security researchers could have reported it: the kernel vulnerability would probably have earned a bug bounty of several thousand dollars.

Buying and selling iOS vulnerabilities is usually a lucrative business. Apple's own bug bounty program pays out up to one million USD. (Google paid out a total of 6.5 million USD last year.) On the open market, however, these vulnerabilities are no longer worth as much. Zerodium, the leading platform for purchasing such critical vulnerabilities, has meanwhile stopped buying iOS vulnerabilities.

[Screenshot: Zerodium stops buying iOS vulnerabilities. The sale of iOS vulnerabilities is no longer attractive, which makes a jailbreak more likely. Source: twitter.com]

How do I install the current jailbreak?

The jailbreak software cannot be run directly from the iPhone itself. If you own a computer running macOS, Windows or Linux, you can follow the instructions of unc0ver to break out of Apple's mobile operating system and install, for example, the Cydia store.

If you own a device up to model year 2017, you can also use Checkm8 to break out of the system, provided the operating system is not above version 13.3. Checkm8 exploits an unpatchable vulnerability; devices such as the iPhone 8 are affected. This alternative jailbreak has been known since September 2019.

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I completed my Master's in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV), and I hold the test procedure competence for § 8a BSIG. Our bread-and-butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.