[realusername]

I don't really have the same opinion on this, I consider the obscurity of the platform a security issue by itself. At the end of the day, remote jailbreak exploits are pretty rare nowadays so you need to have a real access to the machine.

To have an idea if an app is sharing your data you need to be jailbroken, to have an idea of what is being sent from your device you need to be jailbroken, to force a stricter control on apps you also need to be jailbroken. I mean, you get the point. Any action you could do regarding security requires you to be jailbroken first.

[tptacek]

We're discussing this on a story about an untethered jailbreak --- a kernel RCE.

[realusername]

Yes that's true indeed, I was talking in general. Maybe having a more opened device would help getting security fixes faster? One of the main reason this exploit was heavily obfuscated was to avoid Apple to patch it.

[saagarjha]

I would doubt that. More likely, it was to keep the script kiddies away. (There’s currently drama going on in the community right now about stolen code…not that this us anything new :/)

[lawnchair_larry]

This is neither untethered nor RCE.

[lilyball]

Intentionally jailbreaking your phone isn't untethered or RCE. But this particular jailbreak could be combined with an RCE in any application running on the device in order to compromise the system.

[lawnchair_larry]

No disagreement that a separate, unrelated remote RCE would indeed be a remote RCE. This is still a tethered LPE.

[saagarjha]

Thethered, not untethered. There hasn’t been a tethered jailbreak in quite a while.