Do not update to iOS 26.2 Beta 2 if you want to use the MobileGestalt Exploit


A new sandbox escape exploit is shaking up the iOS community. Researcher Hana Kim uncovered a flaw that affects system services like itunesstored and bookassetd on iOS devices. Apple patched it in iOS 26.2 beta 2, but every version up to 26.2 beta 1 remains vulnerable. This also gives users on supported firmware a rare opening that the jailbreak community has been waiting for since iOS 18.

The exploit relies on weaknesses within the MobileGestalt subsystem. This same system has powered many iCloud bypass tools, including iRemoval Pro. Devices running iOS 18.6 to 26.2 beta 1 can use the exploit. That range covers millions of devices and revives interest in tools that felt stuck for months.

Hana Kim published a full write-up under "download28_sbx_escape" and shared the working exploit on its GitHub repo.

Users who want to try this still have a path. You can restore or downgrade to iOS 26.1 while Apple signs it. Check out the restore guides. This keeps the window open even if your device shipped with a newer version.

How the exploit works

iOS uses sandboxing to keep apps and services separated. MobileGestalt feeds device and system details to apps. Kim found a flaw in how itunesstored and bookassetd interact with MobileGestalt. By exploiting this, an attacker escapes the sandbox and gains higher privileges. This gives access to system-level files and settings on firmware from iOS 18.6 through 26.2 beta 1.
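For anyone who manages devices and needs to know which ones still lack the fix, the version range above can be turned into an inventory check. This is an added example, not code from the write-up or from any tool named here; the device names and the inventory format are constructed, and treating the 26.2 release as patched assumes that builds after beta 2 keep the fix.

```python
import re

# Boundaries as stated in the article: affected from iOS 18.6 through 26.2 beta 1,
# fixed in 26.2 beta 2. Key = (major, minor, patch, stage, beta_no); stage 0 = beta.
FIRST_AFFECTED = (18, 6, 0, 1, 0)   # iOS 18.6 release
FIRST_FIXED = (26, 2, 0, 0, 2)      # iOS 26.2 beta 2

_VERSION_RE = re.compile(
    r"^\s*(?:iOS\s+)?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\s+beta(?:\s+(\d+))?)?\s*$",
    re.IGNORECASE,
)

def version_key(text):
    """Turn '26.2 beta 1' or '18.6.2' into a tuple where betas sort before the release."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised iOS version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.group(1, 2, 3))
    is_beta = "beta" in text.lower()
    beta_no = int(m.group(4)) if m.group(4) else (1 if is_beta else 0)
    return (major, minor, patch, 0 if is_beta else 1, beta_no)

def classify(text):
    """Map a version string onto the article's range."""
    key = version_key(text)
    if key >= FIRST_FIXED:
        return "patched"
    if key >= FIRST_AFFECTED:
        return "affected"
    return "below-stated-range"   # the article gives no detail for these builds

def triage(inventory):
    """Return {device: status} for (device, version) pairs, flagging unparseable rows."""
    report = {}
    for device, version in inventory:
        try:
            report[device] = classify(version)
        except ValueError:
            report[device] = "unknown-version"
    return report

# Constructed sample inventory (device names are made up).
SAMPLE = [
    ("phone-01", "18.5"), ("phone-02", "18.6.2"),
    ("phone-03", "iOS 26.1"), ("phone-04", "26.2 beta 1"),
    ("phone-05", "26.2 Beta 2"), ("phone-06", "26.2"),
    ("phone-07", "n/a"),
]
```

Calling triage(SAMPLE) marks phone-02 through phone-04 as affected and phone-05 and phone-06 as patched; rows with an unreadable version are reported separately so they are not silently counted as safe.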

Once the sandbox breaks, several features become possible. Developers can enable hidden UI flags, run iPad-style interfaces on iPhones, bypass sideloading limits, or unlock restricted regional features like iPhone mirroring in the EU.

What this exploit unlocks

  • Remove the three app sideloading limit
  • Enable split view and floating windows meant for iPad
  • Unlock features disabled on EU models
  • Run tweak collections like Misaka or MisakaX
  • Experiment with layouts and hidden interface flags
  • Expand upcoming tools like Nugget, SparseBox, mikotoX and Nugget Mobile

These platforms relied on earlier MobileGestalt loopholes. They will now update to support the new exploit, which gives them room to grow again after months of stalled development.

Steps for users

  1. Check your device model and firmware.
  2. Visit an iOS signing status tracker to confirm if iOS 26.1 is still available.
  3. Restore or downgrade only after backing up your data.
  4. Wait for updated tweak managers if you prefer easy tools over command-line work.
  5. Avoid updating to iOS 26.2 beta 2 or later if you want to stay eligible.
  6. Understand the risks and be sure you want to continue.

This exploit marks a major shift for the jailbreak community. It does not give users a full jailbreak, but it breaks one of the biggest barriers by escaping the sandbox on a wide range of firmware.

Users on X, including Duy Tran and Huy Nguyen, already demonstrated iPadOS running on an iPhone 17 Pro Max, and developers expect tools like Nugget to ship new builds soon. The scene has fresh momentum, and many users now have a real reason to watch the next wave of releases.
