Zhuowei Zhang shares powerful PoC that allows indefinite app signing on iOS 14.0-15.4

Apart from the checkra1n jailbreak, just about all of the jailbreak tools released in recent memory come in the form of a sideloadable app, which needs to be signed using your free or paid Apple Developer account or a third-party signing service.

Just this weekend, however, a major breakthrough was announced in the form of what appears to be a powerful new bug allowing apps to be signed indefinitely with arbitrary entitlements on all devices running iOS & iPadOS 14.0-15.4.

The news was first shared by security researcher Zhuowei Zhang via Twitter, and prominent jailbreak community developers such as Jake James quickly took notice, giving us a little more information about what the bug is capable of:

The easiest way to describe Zhang’s bug is to compare it to Linus Henze’s Fugu14 untether for the unc0ver jailbreak, as it’s being used currently.

Upon harnessing Zhang’s bug, an app can be signed indefinitely without needing re-signing, effectively letting users run that app after device reboots without the 7-day signing period for free Apple developer accounts and the 1-year signing period for paid developer accounts that sideloaded apps currently contend with.

This obviously has significant implications for jailbreakers, as jailbreak apps are sideloaded and contend with these signing periods. Taking advantage of indefinite signing without re-signing requirements means a jailbreak app can provide a semi-untethered experience, just like what’s currently provided by Fugu14 and unc0ver for the limited devices they support.

One thing that sets Zhang’s bug apart from Fugu14 is that it supports all devices running iOS & iPadOS 14.0-15.4. As you will recall, Fugu14 only supports a small subset of devices, which makes Zhang’s method preferable.

Additionally, the support for iOS & iPadOS 15.0-15.4 has possible implications for iOS & iPadOS 15-based rootless jailbreaks, such as the one that the Odyssey Team is currently working on.

It will be interesting to see how the jailbreak community makes use of this new bug in the long term, especially given the impending iOS & iPadOS 15 jailbreak.
