The challenges of jailbreaking iOS 6
Since iOS 6 arrived on September 19, the jailbreak community has been hard at work trying to achieve the ultimate goal -- an automated, untethered jailbreak that works on all devices that can run the newest version of iOS. Yet according to a new article by Mathew Schwartz of InformationWeek, a full iOS 6 jailbreak may be an elusive goal.
Schwartz talked to a number of security experts, coming up with a list of six reasons why the untethered iOS 6 jailbreak may be difficult. First, security researcher Charlie Miller of Twitter noted earlier in the year that "finding sufficient vulnerabilities takes smarts." That's not to call the jailbreak community dumb, but that it's incredibly hard to find "known, exploitable vulnerabilities" in an advanced operating system.
The next challenge for would-be iOS 6 jailbreakers is time -- it takes a lot of time to find those vulnerabilities, with the first untethered jailbreak for the iPhone 4S and iPad 2 taking a full 10 months to accomplish thanks to the A5 chip that was new to those platforms.
Third, Schwartz notes that "website-based untethered jailbreaking is insanely difficult." He describes jailbreaker Comex's JailbreakMe.com website, and notes that Comex has interned at Apple. Perhaps Comex has divulged some of his legendary tricks to Apple, which would make it even more difficult for a lesser hacker to accomplish a jailbreak.
Fourth, any jailbreak has a very limited shelf life. As soon as a jailbreak is announced, Apple goes to work to patch the vulnerabilities that were exploited. After version 2.0 of JailbreakMe.com appeared, it took Apple only two weeks to release patches to negate the exploits.
In his fifth point, Schwartz notes that an early iOS 6 kernel exploit described earlier this month -- it allowed Cydia to be installed on an iPhone 5 -- couldn't be used alone to jailbreak iOS 6 devices.
Finally, Apple has done a much better job of locking down iOS 6. Azimuth Security researchers Mark Dowd and Tarjei Mandt, who described the iOS 6 kernel exploit, noted in a presentation in Kuala Lumpur this month that Apple has hardened the iOS kernel, provided better protection against memory or heap corruption errors, and improved stack overflow prevention. In addition, some APIs that had been used to execute exploits have been zeroed out, and Apple has further randomized address space layout randomization (ASLR) to make it more difficult to circumvent.
Still, the jailbreak community is persistent, and it may be just a matter of time before a full untethered iOS 6 jailbreak is announced. Whether that happens before iOS 7 is widely adopted remains to be known.