Fed up with Apple’s walled garden? Fancy running some unauthorised code on your shiny new iPhone? Unafraid of major security risks? The team behind iOS jailbreaking tool unc0ver just released version 6.0.0, bringing with it support for iOS versions 11 to 14.3.
Launched in the early hours of Sunday morning, the latest version of unc0ver exploits a race condition in the kernel's Mach voucher handling (CVE-2021-1782) to run code with elevated privileges. Apple patched the bug in iOS 14.4 and has since stopped cryptographically signing iOS 14.3, so a device that has already taken the update cannot be restored to a vulnerable version.
To be clear, unc0ver only works if you haven't upgraded your iPad or iPhone to the latest version of iOS/iPadOS. The software has allegedly been tested on a swathe of devices, including the iPhone 11, iPhone 12, and iPhone 12 Pro Max. We haven't been able to verify this independently, though.
Major security risk
Jailbreaking - as Reg readers know - is not for the faint of heart. It requires a degree of technical nous, and a willingness to stay on an older iOS release, forgoing new features and, more to the point, security patches. Moreover, many apps (especially banking apps, or anything that handles confidential data) check for a jailbreak at launch and will refuse to run on devices that have been liberated from Cupertino's clutches.
This is a major security risk in itself. And, ironically, the holes that jailbreaks rely on are exactly why Apple is so diligent about closing them: the same kernel bug that lets unc0ver run unsigned code with elevated privileges will let malware do the same.
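As an added illustration of the "apps refuse to run" point above, here is the kind of jailbreak-detection heuristic a banking app might carry. It is example code written for this article, not unc0ver's, Apple's or any bank's implementation. It is plain C so it can sit inside an Objective-C or Swift project; the filesystem probes are passed in as callbacks so the decision logic can be unit-tested off-device. The artifact paths, the `/private` write probe and the two-indicator threshold are all assumptions based on typical jailbreak layouts, not anything the article specifies.

```c
/* Added example: jailbreak-detection heuristics with injectable probes.
 * Not code from unc0ver or Apple; paths and threshold are assumptions. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Filesystem probes. On-device they hit the OS; in tests they hit a fixture. */
struct jb_probe {
    int (*exists)(const char *path, void *ctx);   /* 1 if path exists */
    int (*writable)(const char *path, void *ctx); /* 1 if a file can be created there */
    void *ctx;
};

/* Artifacts commonly left behind by jailbreaks (assumed list, not exhaustive). */
static const char *const JB_PATHS[] = {
    "/Applications/Cydia.app",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/usr/sbin/sshd",
    "/bin/bash",
    "/etc/apt",
    "/private/var/lib/apt",
    "/var/jb",                 /* used by rootless jailbreaks */
    NULL
};

/* A sandboxed app must never be able to write outside its container; if
 * this succeeds, the sandbox has been weakened. (Assumed probe location.) */
static const char *const JB_WRITE_PROBE = "/private/jailbreak_probe.txt";

/* Counts indicators that fire; the caller decides what to do with the number. */
int jb_indicator_count(const struct jb_probe *p) {
    int hits = 0;
    for (const char *const *path = JB_PATHS; *path; ++path)
        if (p->exists(*path, p->ctx))
            ++hits;
    if (p->writable(JB_WRITE_PROBE, p->ctx))
        ++hits;
    return hits;
}

/* Policy: one artifact alone may be a false positive (leftover from a
 * botched restore), so require two independent indicators before refusing. */
int jb_should_refuse(const struct jb_probe *p) {
    return jb_indicator_count(p) >= 2;
}

/* --- Real probes, used on the device --- */
static int os_exists(const char *path, void *ctx) {
    (void)ctx;
    return access(path, F_OK) == 0;
}
static int os_writable(const char *path, void *ctx) {
    (void)ctx;
    FILE *f = fopen(path, "w");
    if (!f) return 0;
    fclose(f);
    unlink(path);              /* remove the probe file again */
    return 1;
}
const struct jb_probe JB_OS_PROBE = { os_exists, os_writable, NULL };

/* --- Fixture probes, so the policy can be tested without an iPhone --- */
struct jb_fixture {
    const char *const *present; /* NULL-terminated list of paths that "exist" */
    int private_writable;       /* whether the write probe should succeed */
};
static int fx_exists(const char *path, void *ctx) {
    const struct jb_fixture *fx = ctx;
    for (const char *const *q = fx->present; *q; ++q)
        if (strcmp(*q, path) == 0) return 1;
    return 0;
}
static int fx_writable(const char *path, void *ctx) {
    (void)path;
    return ((const struct jb_fixture *)ctx)->private_writable;
}

/* Evaluate a constructed device layout through the same policy code. */
int jb_count_for_fixture(const char *const *present, int private_writable) {
    struct jb_fixture fx = { present, private_writable };
    struct jb_probe p = { fx_exists, fx_writable, &fx };
    return jb_indicator_count(&p);
}
int jb_refuse_for_fixture(const char *const *present, int private_writable) {
    return jb_count_for_fixture(present, private_writable) >= 2;
}

int main(void) {
    /* Constructed sample layouts, not captures from real devices. */
    static const char *const clean[] = { "/Applications/Safari.app", NULL };
    static const char *const jailbroken[] = {
        "/Applications/Cydia.app", "/usr/sbin/sshd", "/etc/apt", NULL };
    printf("clean layout: %d indicators, refuse=%d\n",
           jb_count_for_fixture(clean, 0), jb_refuse_for_fixture(clean, 0));
    printf("jailbroken layout: %d indicators, refuse=%d\n",
           jb_count_for_fixture(jailbroken, 1), jb_refuse_for_fixture(jailbroken, 1));
    printf("this host via OS probes: refuse=%d\n", jb_should_refuse(&JB_OS_PROBE));
    return 0;
}
```

The caveat every practitioner should know: checks like these are trivially defeated by tweaks that hook `access()`, `fopen()` and friends on a jailbroken device, which is precisely the cat-and-mouse game banking apps play. They raise the bar for casual users; they do not stop anyone who has already got kernel code execution.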
Although unc0ver isn't the first jailbreak with support for iOS 14, it's the only one with support for recent devices. Checkra1n, a long-time stalwart of the scene, was the first to cross the line. It is built on the checkm8 boot ROM exploit and, on iOS 14, on Blackbird, a flaw in the Secure Enclave Processor (also present in the T2 chip) that lets it get past checks the SEP would normally enforce. Support is patchy, though, and mostly limited to older devices like the iPhone 6s Plus and SE.
Although jailbreaking is legal in the US (it's a bit fuzzier in the UK*), it's not strictly speaking kosher by Apple's standards, violating the iOS EULA. In practice, this means that if you take a jailbroken device to the Apple Store, they may refuse to honour the device's warranty. This issue can be avoided by restoring to factory settings, where possible. Bear in mind that a restore installs whichever iOS version Apple is currently signing, so it also removes the jailbreak for good.
The pay-off is the ability to run apps that are otherwise unavailable from the App Store. Security-minded folks are able to run a bevy of hacking tools, such as Metasploit and Burp. Others are more prosaic, with tools focused on file management and screenshot creation available from the Cydia app store.
Other code is skin-deep, customising the look and feel of how iOS works beyond the stock environment. ColourMyDock, for example, lets you change the hue of the iOS dock. Another app, Magma Evo, offers Android-style Control Center customization. ®
* The relevant law, "Circumvention of technical devices applied to computer programs" (contained in the Copyright and Related Rights Regulations 2003, a statutory instrument which modified the Copyright, Designs and Patents Act 1988), only seems to apply to jailbreaking for the purposes of breaching copyright, and so far no relevant cases have been litigated in the UK.