Key Takeaways
1. Developer GeoSn0w reported a glitch allowing iPhones to access iPad-exclusive features like Stage Manager and split-view multitasking by altering MobileGestalt.plist.
2. MobileGestalt is an internal file that informs iOS about device specifications and features, and it can be manipulated through a vulnerability affecting certain iOS processes.
3. The glitch enables iPhones to modify restricted files, but not highly protected system folders, focusing on changing feature settings rather than bypassing security measures.
4. A demonstration by developer Duy Tran showed an iPhone using iPad-like interface elements, achieved by making the device present itself as an iPad.
5. The exploit works on iOS 26.1 and 26.2 Beta 1, but the report warns against average users attempting this due to potential risks and complications.
Developer GeoSn0w has released a report about an iOS glitch that could let iPhones access various features exclusive to iPads, like Stage Manager, floating app windows, split-view multitasking, and the iPad-style dock. The report states that this unusual behavior is triggered by altering Apple’s MobileGestalt.plist file through a vulnerability affecting the itunesstored and bookassetd processes on iOS versions 26.1 and 26.2 Beta 1.
Understanding MobileGestalt
MobileGestalt is an internal file used by Apple to determine the hardware specifications of a device and which features to enable. It contains encrypted values that inform the system about whether the device has features like Dynamic Island, Touch ID, a microphone, or multitasking capabilities. GeoSn0w points out that several existing tweak tools, such as Nugget, Misaka, and Picasso, depend on changes made to MobileGestalt, although these typically need jailbreak-level access.
The Bug’s Impact
This glitch allows the iPhone to modify files in areas it typically wouldn’t have permission to, including the directory where MobileGestalt is saved, meaning it can alter settings it should not be able to. Nevertheless, it cannot access the highly protected system folders that are only manipulatable by the core parts of iOS. GeoSn0w notes that older forms of this bug were exploited by individuals attempting to bypass iCloud locks, but this report focuses solely on flipping feature settings rather than circumventing any security.
Demonstrating the Glitch
In a demonstration, developer Duy Tran (@khanhduytran0 on X, previously Twitter) shared a video that showcased an iPhone using interface elements typically reserved for iPads. These features include windowed apps, pinned apps, overlay apps, picture-in-picture mirroring, the iPadOS dock, and Stage Manager controls. GeoSn0w explains that this is achieved by tweaking hidden settings that allow the device to present itself as an iPad, therefore unlocking iPad-only features.
As the MobileGestalt “CacheData” section appears jumbled, the article mentions that developers investigate another system file to locate the encrypted value indicating the device type. They utilize Swift to examine the necessary segments of the file, followed by using Python tools created by others to implement the changes. GeoSn0w indicates that the exploit has an unpredictable success rate, often requiring several attempts before a reboot.
Although they cannot alter the file directly from the phone, they can read it with a custom app they develop. Afterwards, they transfer the data to a computer for analysis.
This glitch works on devices running iOS 26.1 or iOS 26.2 Beta 1, and some tools might utilize it in the future. However, the report emphasizes that it is solely for illustrating the bug’s behavior and not something average users should attempt.
Source:
Link
Leave a Reply