Hacker News
by xoa 2040 days ago
>Jailbreaking uses vulnerabilities, but doesn't (by itself, of course it allows the user to) introduce any.

What? The entire point of jailbreaking is to leverage specific kinds of vulnerabilities, often only exploitable via physical access (a tether and DFU mode is typical), in order to root the system so that afterwards other stuff can be done with it more conveniently. Sometimes this even necessitates further security compromises. To use checkra1n itself as an example, last I checked in order to use it on A11 devices (iPhone 8/8+/X) with iOS 14 you must give up on using any passcode on the device via the "Skip A11 BPR Check" option.

It's certainly worth noting that none of this should inherently be necessary. Apple could offer power users the option to load their own root certificate alongside Apple's, and then sign and run things with the full iOS technical security model from there. Apple is mixing business desire with security desire. Further, many of the threat vectors introduced by jailbreaking are ultimately the same we deal with on the PC, so they're "new to an iDevice" but something technical users can often mitigate. And it can even offer new security options sometimes to go along with it too!

But none of that means that jailbreaking isn't introducing new threat vectors to the system. It is. It's just that it's often worth it to many of us given the alternatives, is all.

2 comments

While it should not be inherently required, in practice it is. When not jailbroken the only people you can assume within reason to break your privacy/security are Apple (due to bugs or bad design) and Nation States. Apps, both private and on the store, do only what is allowed (which, for instance, before iOS 14 was far looser re clipboard, microphone, camera, and location).

The option of installing a root cert now requires users to refuse to install root certs at work or for some App required to get cheaper insurance or whatever crazy idea you could think of. Users would need to know what is possible (at that point anything) and also have the power and incentives to refuse.

Checkra1n for A11 isn’t really considered to be usable for that reason, so it’s not a very good example.