When Apple announced Apple Intelligence at WWDC 2024, it also had to acknowledge the biggest software fragmentation in iPhone history. iOS 18 would enable Apple Intelligence only on the iPhone 15 Pro models and the iPhone 16 series. The iPhone 15 and 15 Plus would be left out, as would every other iPhone model still in use.
Weeks later, we learned about the two big hardware constraints that make Apple Intelligence incompatible with the non-Pro iPhone 15 models. First, those iPhones feature iPhone 14 Pro-grade chips that might not be good enough to handle Apple Intelligence’s Neural Engine needs for on-device AI. The bigger bottleneck was apparently RAM, as the iPhone 15 has 6GB RAM instead of the minimum requirement of 8GB.
What if I told you there’s an iOS 18 hack that lets you enable not only Apple Intelligence on the iPhone 15 but also other features that might be exclusive to iPhone Pro models, like the Camera Control button and Always-On Display?
Before I show you the hack, I’ll tell you two things. First, Apple has patched the exploit, so most people will not be able to pull it off. More importantly, this hack is possible via a software vulnerability that might have been exploited in the wild.
It all started with a Reddit user who posted screenshots online showing a purported iPhone 15 model running software features it’s not equipped to support. The list includes Camera Control UI, Apple Intelligence with Siri and ChatGPT integration, Action button features, and Always-on display functionality.
Basically, the user turned a basic iPhone 15 device into a makeshift iPhone 16 Pro, assuming the information is accurate.
The photos shared by the Redditor do show the features they mention. As for how they work, the iPhone’s Back Tap feature is assigned to the Camera Control button. Also, one of the volume keys is on Action button duty, considering the iPhone 15 still has a traditional mute switch.
That is, even if the software hack can enable software features that are not supported on iOS 18, the phone still lacks the appropriate hardware.
How is all this possible? The Redditor explains they’ve used a Nugget tool that’s available on GitHub. It’s not quite a jailbreak, but it’s in the same category of unofficial apps that take advantage of iPhone exploits.
Nugget only works up to iOS 18.2 developer beta 2, as Apple has patched newer versions. The Nugget developers explained how this iOS 18 hack works:
Unlock your device’s full potential!
Sparserestore works on all versions iOS 17.0-17.7 and iOS 18.0-18.1 beta 4. There is partial support for iOS 17.7.1 and iOS 18.1b5-18.2 beta 2.
iOS 18.2 developer beta 3 (public beta 2) and newer is not supported.
This uses the sparserestore exploit to write to files outside of the intended restore location, like mobilegestalt. Read the Getting the File section to learn how to get your mobilegestalt file.
Commenting on the Reddit thread, a different person pointed out that sparserestore is a security hole that malware creators might exploit. More troubling is the speculation that the Chinese hackers who hacked several US telecoms might have breached employee devices with malware targeting this very security issue:
In the Readme they specifically state Nugget utilizes at least one security hole (sparserestore exploit) in iOS to install and run, which Apple has blocked in iOS 18.2 Release Candidate; Apple blocked it because it’s being exploited in the wild by malware writers and one of the flaws believed used by Salt Typhoon to help penetrate US telecoms (by inserting malware into employee devices).
This is just speculation at the moment, but even if it doesn’t have anything to do with the massive cyberattack targeting AT&T and Verizon, it’s still a troubling security problem.
