Hacker News
by realusername 2177 days ago
It always depends on which side of "security" we're talking about. You could argue that not having access to security tweaks & not being able to see what's going on because the OS is so locked down is a security issue in itself which can be solved by jailbreaking.

Currently, sharing security issues with Apple is a guarantee that the tooling you are using to get access to your device won't work anymore, there's definitely a bad incentive to not report security flaws at the moment.

That's right, which is why we called it "jailbreaking" in the 1990s when someone got mad at you on IRC and jailbroke your machine and stole your mail spool. I mean, jailbroke your mail spool.

I take your point, which is that jailbreaking is good if what you want is to run random unapproved code on your machine. But you didn't seriously engage with the comment you rebutted, because it is also true that jailbreak prevention prevents persistent kernel compromise --- is in fact a predicate for preventing persistent kernel compromise --- which is a thing that really does happen; in fact, it's far more relevant to the overwhelming majority of Apple users than running unapproved code is.

I don't really have the same opinion on this, I consider the obscurity of the platform a security issue by itself. At the end of the day, remote jailbreak exploits are pretty rare nowadays so you need to have real access to the machine.

To have an idea if an app is sharing your data you need to be jailbroken, to have an idea of what is being sent from your device you need to be jailbroken, to force a stricter control on apps you also need to be jailbroken. I mean, you get the point. Any action you could do regarding security requires you to be jailbroken first.

We're discussing this on a story about an untethered jailbreak --- a kernel RCE.

Yes that's true indeed, I was talking in general. Maybe having a more open device would help getting security fixes faster? One of the main reasons this exploit was heavily obfuscated was to keep Apple from patching it.

I would doubt that. More likely, it was to keep the script kiddies away. (There’s currently drama going on in the community right now about stolen code…not that this is anything new :/)

This is neither untethered nor RCE.

Intentionally jailbreaking your phone isn't untethered or RCE. But this particular jailbreak could be combined with an RCE in any application running on the device in order to compromise the system.

No disagreement that a separate, unrelated remote RCE would indeed be a remote RCE. This is still a tethered LPE.

Tethered, not untethered. There hasn’t been a tethered jailbreak in quite a while.