Jailbreaking

Jailbreaking is the process of removing manufacturer-imposed restrictions on a mobile device, most commonly Apple iPhones and iPads. It grants the user root-level access to the operating system, allowing installation of unauthorized apps, modifications, and deeper control of system functions.

What is jailbreaking?

Jailbreaking bypasses the security controls built into a mobile operating system. On iOS, Apple enforces strict sandboxing, app store validation, and code-signing mechanisms to protect users and enterprise environments. By jailbreaking, a user or attacker removes these protections, enabling apps and code that were never vetted by Apple. While some individuals jailbreak devices to gain customization, security researchers and attackers may use jailbreaking as a way to escalate privileges, bypass Mobile Device Management (MDM) policies, or deploy malware. For organizations, jailbroken devices represent a serious risk because they break the device’s trusted security model.

How it typically works

  1. Exploitation of a vulnerability: Jailbreaking tools rely on exploiting flaws in the iOS kernel, bootloader, or system processes.
  2. Privilege escalation: The exploit grants root-level access that is normally restricted.
  3. Persistence: Some jailbreaks modify the boot process (untethered) so the device remains jailbroken even after restart, while others require re-exploitation after reboot (tethered or semi-tethered).
  4. Installation of alternative package managers: Tools like Cydia allow users to download apps and tweaks outside the official App Store, bypassing Apple’s review process.

Common techniques & variants

  • Tethered jailbreak
    Requires connecting the device to a computer after every reboot to reapply the jailbreak exploit.
  • Untethered jailbreak
    Survives reboots, providing permanent elevated access until patched by the vendor.
  • Semi-tethered or semi-untethered jailbreak
    The device can reboot normally, but the jailbreak must be re-enabled afterwards through an on-device app.
  • Bootrom exploit
    Exploits vulnerabilities in the device’s bootrom, which cannot be patched via software update. Considered the most powerful type.
  • Userland exploit
    Takes advantage of vulnerabilities in user-level applications or services, easier for vendors to patch.
  • Rootless jailbreak
    A more recent technique that avoids direct modification of system partitions but still bypasses Apple’s security model.
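Each of the variants above leaves a recognizable footprint on the filesystem: an alternative package manager such as Cydia, an injection framework, a remote shell, or (for rootless jailbreaks) a separate prefix instead of modified system partitions. The following Python script is an added example, not code from this page or from any jailbreak or MDM product: it triages an extracted iOS filesystem tree (as obtained from a forensic backup or image) for such artifacts and reports the categories found. The indicator paths are the ones commonly cited in jailbreak-detection guidance; the `/var/jb` prefix used by recent rootless jailbreaks and the sample directory trees are assumptions constructed for the demonstration.

```python
"""Triage an extracted iOS filesystem tree for jailbreak artifacts.

Added example for a DFIR / SecOps workflow: point it at the root of an
extracted device filesystem and it reports which jailbreak indicator
categories are present. It does not prove a device is clean; it only
reports what it can see.
"""
import os
import tempfile
from dataclasses import dataclass

# Indicator paths, relative to the filesystem root. These are the paths
# commonly cited in jailbreak-detection guidance (package managers, the
# MobileSubstrate injection library, shells and sshd). "var/jb" is the
# prefix used by recent rootless jailbreaks (assumption for this example).
INDICATORS = {
    "package-manager": [
        "Applications/Cydia.app",
        "etc/apt",
        "private/var/lib/apt",
        "private/var/lib/cydia",
    ],
    "code-injection": [
        "Library/MobileSubstrate/MobileSubstrate.dylib",
    ],
    "remote-shell": [
        "bin/bash",
        "usr/sbin/sshd",
        "usr/bin/ssh",
    ],
    "rootless": [
        "var/jb",
    ],
}


@dataclass(frozen=True)
class Finding:
    category: str
    path: str


def scan_tree(root: str) -> list:
    """Return one Finding per indicator path that exists under root.

    lexists() is used so that a dangling symlink (a common leftover after a
    partially removed jailbreak) still counts as an artifact.
    """
    findings = []
    for category, rel_paths in INDICATORS.items():
        for rel in rel_paths:
            if os.path.lexists(os.path.join(root, rel)):
                findings.append(Finding(category, rel))
    return findings


def assess(findings: list) -> tuple:
    """Map findings to a verdict. A single hit is enough to treat the device
    as a compromised asset; the absence of hits is reported as
    "no-indicators", not "clean", because a rootless or evasive jailbreak
    may leave none of these paths behind."""
    categories = sorted({f.category for f in findings})
    verdict = "compromised" if categories else "no-indicators"
    return verdict, categories


def build_sample_tree() -> str:
    """Constructed sample: a minimal tree mimicking a jailbroken device
    with Cydia, an apt directory and an sshd binary."""
    root = tempfile.mkdtemp(prefix="ios-fs-jb-")
    for rel in ("Applications/Cydia.app", "etc/apt", "usr/sbin"):
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    open(os.path.join(root, "usr/sbin/sshd"), "w").close()
    return root


def build_clean_tree() -> str:
    """Constructed sample: a tree with only stock-looking content."""
    root = tempfile.mkdtemp(prefix="ios-fs-stock-")
    os.makedirs(os.path.join(root, "Applications/Safari.app"))
    return root


if __name__ == "__main__":
    for label, root in (("sample", build_sample_tree()),
                        ("stock", build_clean_tree())):
        findings = scan_tree(root)
        verdict, categories = assess(findings)
        print(f"{label}: {verdict} {categories}")
        for f in findings:
            print(f"  [{f.category}] /{f.path}")
```

Run it against a real extraction with `scan_tree("/path/to/extracted/root")`. The verdict deliberately distinguishes "no-indicators" from "clean": as the page notes for rootless jailbreaks, the system partitions may be untouched, so a negative result should be combined with other posture signals (MDM attestation, unexpected code-signing behaviour) before a device is trusted.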

Impact

For individuals, jailbreaking voids warranties and exposes devices to malware not screened by Apple. For enterprises, the risks are significantly higher:

  • Loss of integrity of mobile security policies (MDM profiles can be bypassed).
  • Exposure to malicious apps distributed outside the App Store.
  • Privilege escalation enabling attackers to steal credentials, corporate data, and cryptographic keys.
  • Easier exploitation of vulnerabilities due to disabled system protections.
  • Increased likelihood of persistence mechanisms making malware removal more difficult.

From a SecOps perspective, jailbroken devices are considered compromised assets and should be treated as high risk.

Further reading

  • Apple: Support information on the dangers of jailbreaking.
  • OWASP Mobile Security Testing Guide (MSTG): Jailbreak detection and implications.
  • CISA: Mobile Device Security Practices.
  • SANS Institute: Mobile security and jailbreak detection.
  • Check Point Research: Jailbreak exploits and analysis.