
The point is that someone could slip this code into an innocuous-looking app and trick an unsuspecting user into installing it.



It doesn't work via the App Store; apps which require you to bypass the App Store are not innocuous.


iSH requires bypassing the App Store and is one of the only ways to run quite a lot of pretty basic everyday software on iOS.


FWIW, I believe that all TestFlight app releases also undergo the automated portion of the App Store approval process, which would be able to catch entitlements.

If you're installing from source, that's another thing.


Correct. This is why iSH cannot dynamically generate code like say UTM can and must use software emulation via a threaded interpreter.


Yeah, a Linux shell is not what I would call "basic everyday software" that I need to run on my phone.


I need ssh and git for a lot of everyday stuff personally.

Also a decent text editor shouldn’t be considered unusual software.


It would have worked and passed through the App checks. It’s not like the App is using private APIs.

Now that Apple is aware of this class of bug, they may add automated checks to the plist files containing a super strict XML parser.


Their existing parser used during App Store submission already catches this. It’s the plurality of parsers on the device itself that allows this to happen when sideloading.


But not a security-conscious user who knows once the USB cable is plugged in the device is compromised.


Most security-conscious users do not assume this. Newer iOS versions ask for credentials (and all recent smartphones that I've used ask for credential-less permission) before transferring data over USB.


Installing an app even through a cable requires clicking through permissions.


There are probably apps out there exploiting this already since this seems to have been known about for a long time and only recently patched.


Like the ‘zeroday vulnerability’ of users pasting commands into a prompt.



