P0sixninja says he’s discovered exploits for next jailbreak

By , Mar 28, 2013

This is kind of interesting. Well-known iOS hacker and (former?) Chronic Dev Team member p0sixninja says that he has discovered enough exploits in iOS 6 to build a new jailbreak. The previous one, as most of you know, was recently shut down by Apple.

But it appears that p0sixninja has discovered some vulnerabilities that were not patched by the company’s security team in the latest iOS update, as he tweeted out earlier tonight: “Well, so far it looks like the next jailbreak might be created entirely by me…”

Here’s the tweet:

But don’t worry, p0sixninja says that the evad3rs haven’t gone anywhere. He’s just discovered the exploits on his own.

Of course, it’s worth mentioning that p0sixninja hasn’t demonstrated that he has a working jailbreak yet. And if he has one, there’s no telling when or if he will release it. iOS 6.1.3 just came out, and the next expected big release is iOS 7, which is still several months away.

Planetbeing, of the evad3rs, has also stated that his team has iOS exploits in reserve. But obviously, with Apple’s history of patching them up once they’ve been shown, the smart move is to wait until iOS 7 is released to the public, which could be as late as October.

Still, between p0sixninja’s findings and the evad3rs’ work, the future for jailbreaking has never looked brighter. And that’s great news, considering how bleak things looked earlier this year. Until pod2g and team stepped up, we didn’t know if we’d ever see iOS 6 jailbroken.

Now it seems like, barring any major security advances by Apple, we’re set for the next few iOS releases.

  • http://www.facebook.com/profile.php?id=720474005 Alnando Espaillat

    I’m more interested on that tweak for the notification center shown in this article

    • randall young

      Its called IntelliscreenX

  • regkilla

    p0sixninja just wait for iOS 7. People that got stuck on iOS 6.1.3 are idiots for updating their iDevices and should wait for being such derps.

    • Guest

      You fucking piece of shit should be shot.
      Calling people who are stuck on iOS 6.1.3 idiots just proves that you’re retarded. There are a lot of reasons why one could be on iOS 6.1.3, e.g. others updated it, the person got a replacement phone, the person had a major issue and couldn’t restore to 6.1.2 anymore, etc. pp.

      • iDon’tWantToShareMyDetails

        So the jailbreak devs have to waste an exploit for a few idiots?

      • http://twitter.com/dallasgroot Dallas Groot

        haha!! doesn’t sound like a good idea in my books….

      • altheablue

        You’re right, but calm down!

      • seyss

        but most are idiots

    • http://twitter.com/yashgorana Yash Gorana

      Bro, sorry to tell you that every iOS update (5->6->7) has an updated Darwin kernel …. so the chances of a new exploit working on iOS 7 are less than 5%

      anyways… I am with you.

      • http://www.facebook.com/Johannes.Mertens Johannes Mertens

        They won’t use a kernel exploit, so the kernel isn’t relevant here. It’s mostly userland based like most jailbreaks before, which means it’s based on a security gap in iOS.

      • http://twitter.com/notoriousTEG tim

        every jb is based on a gap in iOS..not 100% sure what you’re getting at here..

      • http://www.facebook.com/Johannes.Mertens Johannes Mertens

        In most cases you need a kernel exploit to untether it. The jailbreak is based on a security gap at USERLAND level, for example the PDF viewer in Safari, which was used in jailbreakme 2.0

      • http://www.facebook.com/Johannes.Mertens Johannes Mertens

        A kernel exploit is NOT necessary for every kind of jailbreak. So p0sixninja could have made good progress.

      • Mark

        For Darwin kernel exploits to work, you would have to find the exploits adjusted to the relevant roadblock keys, and those keys are often in different layers of the system, they would need to undergo several levels of needle picking to link those security exploits to the kernel exploits which requires a butt load of time.

      • http://twitter.com/MCaudebec Maxim∑

        in order to inject the payload that allows the user to become root, you need a kernel exploit of some kind AND a security exploit. Evad3rs had to do a very complex workaround. It’s easy for p0sixninja to talk but actually doing it is another thing

      • http://twitter.com/J_Private_dev J Private Dev

        Ok, but given the fact that the kernel is open source (http://www.opensource.apple.com), there are a bunch of kernel exploits. They can spit out kernel exploits all day long. The real exploits are the injection vectors. The injection vectors are what actually put the jailbreak onto the phone. I’m sure that’s what p0sixninja has

      • http://www.facebook.com/ben.gerard1 Ben Gerard

        Well, an injection vector is useless unless you bypass code signing and break out of the sandbox; without that there’s no jailbreak to put on the phone. So you need multiple exploits to play their part.

    • http://twitter.com/yaclexx Yaclexx

      Ppl who get new phones and those who get a new replacement are not idiots, are you?

      • http://www.facebook.com/victor.maciel.98 Victor Maciel

        This. It comes with 6.1.3 out of the store.

    • Marcus Parkus

      Some of us lesser mortals were sucked in by the iOS 6.1.3 blurb by Apple. It said “security update and map update for Japan” So stupidly some of us updated. So please, please provide a jailbreak for iOS 6.1.3 and I promise never to update my phone again!!!!

    • Jordi Bull

      actually in my opinion, people who updated to iOS 6.1.3 were forced by iTunes

  • regkilla

    Don’t waste time on 6.1.3! Wait for iOS 7

  • WatchTheThrone

    Save it for iOS 7!!!!

    • http://www.facebook.com/people/Zeljko-Nikolic/1646404156 Zeljko Nikolic

      and the other exploit for ios 8.

      • http://twitter.com/J_Private_dev J Private Dev

        He will need several exploits for one jailbreak

  • http://gxgow.tumblr.com/ Nicolas Loots

    Save it for iOS 7. There’s no need to waste it on 6.1.3

  • http://twitter.com/rud0lf77 rud0lf77

    Hah, sure. That guy didn’t discover anything. Remember p0sixninja also was the one who talked about a Bootrom Exploit, but nothing happened.
    I’d not believe anything he says. And I know that he was part of Chronic Dev, so? i0n1c was the first one to jailbreak an iOS with ASLR and now look at what he is…

    • http://twitter.com/dallasgroot Dallas Groot

      First off, he NEVER said he was working on a bootrom exploit (blogs really get all hyped when they see it, but bring out false info; it’s happened before (October 2011)). Second, Josh has worked on numerous jailbreaks: 4.0, 4.2.1, 5.x.x (alongside pod2g). Without him we wouldn’t have had Comex. Third, i0n1c was never part of a jailbreak team; he gave his work to the iPhone Dev Team.

      • http://twitter.com/rud0lf77 rud0lf77

        As far as I recall he was claiming to have dumped the Bootrom.
        Haha, yea, he probably worked like MuscleNerd works. And also, that iOS 4 stuff was ages ago.
        And last: Where did I say that i0n1c was part of a dev team?

      • http://twitter.com/dallasgroot Dallas Groot

        my comment is awaiting moderation :/ but he tweeted quote “no, I announced I was trying to dump the bootrom to hopefully find an exploit. the bootrom still hasn’t been dumped” Feb 8
        Still, you said he hasn’t discovered anything…. and ios 5.x.x is still recent (last year)
        and i felt like adding that :P

      • http://twitter.com/rud0lf77 rud0lf77

        By that I meant he didn’t discover what he claims to… And since iOS 5 things in iOS changed a lot regarding security.

      • http://twitter.com/dallasgroot Dallas Groot

        but he said he didn’t dump it, everyone thinks he has or is going to. All i’m saying is your statement above is incorrect.

      • http://twitter.com/rud0lf77 rud0lf77

        I am sure he was claiming the dump-stuff, he even had a name for it

      • http://twitter.com/dallasgroot Dallas Groot

        but he wasn’t claiming…. and he was joking about that name dude…….

      • http://cammyharbison.wordpress.com/ cammyh

        Like I said, if you are sure, bring the proof…

      • http://twitter.com/dallasgroot Dallas Groot

        No thanks man! instead of hiding as a guest, you should show yourself.

      • http://cammyharbison.wordpress.com/ cammyh

        Wow… And you are even more ignorant than the last guy… MuscleNerd has been an integral part of multiple jailbreaks. Just because he isn’t loud about his role doesn’t mean it’s not important … Also as to Joshua Hill, find me the exact quotes where he said he dumped the bootROM… Impossible task my friend–completely. I am ever amazed at how loud and wrong people can be

      • http://twitter.com/IBLeeDSWaGGa Juan Herrera

        Lol, I kept up through you months ago.. Excellent articles and I love that he opened up to you whenever you had questions

      • http://twitter.com/IBLeeDSWaGGa Juan Herrera

        You did, wtf? You said chronic dev team.. What an idiot! I’m done.

    • http://cammyharbison.wordpress.com/ cammyh

      That’s not entirely true… Planetbeing himself on reddit has verified that the project p0sixninja was attempting, which could lead to a bootROM dump, was indeed valid and that he himself had even helped with it, but that there was far too much work to be done with it for anyone to invest at this time. It’s fine to fault someone for mistakes or misclaims but make sure you can at least verify your points beforehand …

      • Guest

        Boring to read your shit.

    • http://twitter.com/IBLeeDSWaGGa Juan Herrera

      i0n1c is a troll pure and simple. He has nothing helpful to offer and sounds bitter all the time. Joshua has been working on a lot on his own for months now and I’m quite sure he has been ready for some time now. Even when evasi0n rumors were building hype he was already working on things

  • http://twitter.com/andyxyoona Andy

    I salute thee P0sixninja.

    • http://twitter.com/dallasgroot Dallas Groot

      Agreed!

  • 4p0c4lyps3

    That’s all good and well, as long as the exploits remain secret after release. Seems like these guys create a jb and a month later reveal their exploits, then Apple patches. Brilliant guys, fck’n brilliant.

    • http://twitter.com/rud0lf77 rud0lf77

      They “reveal” them? It’s not possible to “hide” them; how would the tool jailbreak the device if it didn’t know the exploits?
      And Apple can obviously see what the tool does/triggers on the device and therefore knows what the vulnerabilities are.

    • Yusuf Celenli

      You’re a fucking retard. They simply explained how the JB works by explaining the exploits; if Apple wanted to, they could USE THE PROGRAM THEMSELVES AND SEE HOW IT WORKS ANYWAY, DUMBASS.

    • Nestea80

      Wow, you’re a fucking idiot who obviously knows nothing about what you’re talking about. Apple doesn’t need these exploits to be “revealed”. All Apple has to do is look at the jailbreak program and see what it does. The jailbreakers know this already, and that is why they reveal the exploits afterwards. Did you really think they were that stupid to reveal exploits just for the heck of it?

    • http://twitter.com/IBLeeDSWaGGa Juan Herrera

      It’s not just them. Anyone just as experienced as them can look at a jb and point out the exploits. i0n1c gave his “analysis” of evasi0n and how it works after its release when he checked it out. His analysis was over twitter and he wasn’t even part of the team. That was revealing exploits

  • http://www.facebook.com/luisreyespr Luis

    Humble the boy.

  • Rajat Solanki

    i think p0sixninja has found the bootrom exploit.

    • http://twitter.com/MCaudebec Maxim∑

      no that would only work for 3GS

      • http://www.facebook.com/ben.gerard1 Ben Gerard

        Not if it is a bootrom exploit for A5+ devices

  • Dookdb

    I’d love an Apple TV 3 jailbreak….
    wonder if it will ever happen…

  • http://twitter.com/dpbiscuit D1M

    This is awesome news!!! I’m happy on 6.1.2 with jailbreak. Definitely wait for iOS 7!!!

  • http://www.facebook.com/BazzaBW Barry Wilson

    In the meantime, these guys should try to fix the downgrade issue for devices above the A4 chip, so we jailbreak users can always have a jailbreak. My friend lost his signal yesterday and everything we tried wouldn’t bring it back; he had to restore, losing his jailbreak, to fix it…. So sad.

    • http://cammyharbison.wordpress.com/ cammyh

      Um, “fixing” the downgrade issue is not as easy as it seems–they don’t have a way to dump/exploit the bootROM as they did with earlier devices, and this is required for the downgrade/restore. It’s a bit too complicated to explain in this space, but basically it’s not just a matter of updating redsn0w… And furthermore they have looked into this, but it would take so much time and energy they figure you’d rather have a jailbreak than wait around for something that may not even be possible

      • Manuel Molina

        To be real, I also think getting SHSH working on newer devices is a requirement at this point. It prevents stupid updaters and iFaith helps those restore with their SHSH if the window on signing their current iOS firmware is closed.

      • http://twitter.com/J_Private_dev J Private Dev

        You’ll need a bootrom exploit to bypass the APTicket checks in the LLB/iBEC. If you want “SHSH” to work again… You find the bootrom exploit… Have fun

      • Manuel Molina

        I’m actually picking up books on jailbreaking and root exploiting, and worked in the PS3 scene for some time. It’s always good to be sarcastic, but I’m actually a doer and go-getter. In other words, maybe I am or will, and maybe I’ll give input with other developers.

  • http://twitter.com/ZoltanTroll Colton

    Everyone saying “save it for iOS 7” realizes that we have roughly 7 months until iOS 7 comes out, and there could be numerous updates to iOS 6 in that timeframe, and there is no way to downgrade, and there are many legitimate reasons why people would have to update…

  • http://twitter.com/yaclexx Yaclexx

    I just got my i5 replaced at the Apple store and it came with 6.1 firmware.
    Is it possible to update to 6.1.2 with TinyUmbrella or something?
    I know Apple is not signing 6.1.2 anymore :(
    Help!

    • http://www.facebook.com/BazzaBW Barry Wilson

      No, just jailbreak on 6.1

      • http://twitter.com/yaclexx Yaclexx

        I did, but I need the Microsoft Exchange email at work and this firmware has a lot of bugs.

        I don’t want the Exchange administrator blocking my email account because I have not done the update

      • http://www.facebook.com/mykelxmonroe Mykel Monroe

        I’m on 6.0.2 bro. It sucks. There is no current way to do this by design. Also .shsh files are unique to the device. Even if you had them from your old phone, (like me), they would not work and you would be boned. Unfortunately you must choose between the JB or not using the Exchange server. :[

      • http://twitter.com/yaclexx Yaclexx

        Thx! I chose JB and I disabled the calendar for the Exchange email account just to be safe

      • http://www.facebook.com/mykelxmonroe Mykel Monroe

        Good choice!

  • http://twitter.com/WvB22 Walter van Bergen

    Wait for iOS 7 beta. If it’s vulnerable, wait with the release till iOS 7 is released. If iOS 7 is not vulnerable to this jailbreak, release it for 6.1.x

    • http://twitter.com/dallasgroot Dallas Groot

      Just to add, it has to pass all the way till the iOS 7 GM; the iOS 7 betas could still patch them :)

  • http://twitter.com/iPhoneHrvatska iPhone Hrvatska

    I think they should save it for iOS 7 but find the way to restore to 6.1.2. Now I’m on 6.1.2, but if anything goes bad with my iPhone I have to go back to 5.1.1 and that is not very nice

  • http://www.facebook.com/profile.php?id=100001069522236 Shahshit Mac

    listen carefully, brother, I say save it for iOS 7 pls

  • http://twitter.com/maximt435 MaxT

    I think hackers must keep their vulnerability for the iOS 7 jailbreak, but before that, I think they must put energy into working on a bootrom exploit for A5+ iDevices to be able to downgrade these devices. I’m so comfortable with my iPhone 4. This could be good news: to have a future iPhone 6 (or 5S) with iOS 7 jailbreakable and a bootrom exploit available. Could be our next Christmas gift! Good luck guys!

    • http://twitter.com/IBLeeDSWaGGa Juan Herrera

      I just said the same above.. Agreed

  • http://twitter.com/CFarzaneh Cameron

    I think he should release 6.1.3. All shsh blobs for 6.0-6.1.2 have missing apt-tickets making it impossible to downgrade for A4 users. He should release it for 6.1.3 so later in the future, A4 users can downgrade back to 6.1.3 and jailbreak. The apt-ticket issue is also fixed in 6.1.3.

    But that might mean a longer wait for the iOS 7 jailbreak. I’d still rather go with 6.1.3.

    • http://twitter.com/IBLeeDSWaGGa Juan Herrera

      I doubt A4 devices are that much of a priority when we’re about to be up against the A7 chip. The phones coming out are way more of a challenge for the future of jailbreaking

  • felixtaf

    As long as there is iOS, there is Jailbreak…. Jailbreak never dies…..

    • Aleksander Azizi

      I hope you’re right…. But that’s not a general rule..

      • felixtaf

        That’s not a rule… That’s what I wish… In fact we wish…..

    • http://www.facebook.com/micaiah12 Micaiah Martin

      I’m pretty sure it’s not going anywhere any time soon.

  • http://twitter.com/DustinSchaaf Dustin Schaaf

    You think jailbreakers fuck with Apple and say they have exploits even if they may not have exploits yet? Then Apple be all like damn. Oh and save that shit for iOS 7. High five! Fuck Samsung

  • Anon

    The jailbreak will only last about a month anyway. iOS 7 will patch the jailbreak before it even comes out. So, might as well.

  • samdchuck

    Kinda presumptuous of him, they still have to other one.

  • http://www.facebook.com/craig.wayman.7 Craig Wayman

    Hell yeah! Keep up the good work guys!

  • http://twitter.com/TonyLonsway Tony Lonsway

    Great work! my vote is to save it for iOS 7

  • Stanley Traub

    My stock unrooted TouchWiz ROM on my Note 2 STILL has more features than all the jailbreak tweaks combined. How many people want to bet that iOS 7 still won’t have as many features as Gingerbread did? Btw Gingerbread is like 3 years old.

    • http://www.facebook.com/joe.jonsen Joe Jonsen

      I bet that Android sucks, which is why iPhone is number 1

      • Kurt

        Here they give iPhones away for free. So much so, they are now calling people asking if they want a free iPhone 5. I got a call a few days ago. I was shocked it has gotten this unpopular here.

  • http://twitter.com/yaclexx Yaclexx

    Pool
    should he release the JB now?
    YES ( + ) NOW
    NO ( – ) “wait 6+ months till iOS 7 comes out and hope the exploits work on it”

    • Blah

      Poll

  • http://www.facebook.com/joe.jonsen Joe Jonsen

    LOL HERE WE GO….. I say they jailbreak iOS 6.1.3 cause iOS 7 will be a whole new beast needing a new JB from the ground up

  • http://www.facebook.com/brandon.higgins.12 Brandon Higgins

    The only reason this should get released is for the new T-Mobile users.

    • http://www.facebook.com/brandon.higgins.12 Brandon Higgins

      How ironic… umm, just installed AdBlocker from Cydia and bam! Restore needed from boot loop. Jailbreak release please! lol

  • http://twitter.com/Antoniogzzx whT!

    Keep Calm
    &
    Save it for iOS7

  • http://twitter.com/sl0wCydia0101 Cydia is sl0w

    give me a minute to grab my time machine

  • http://twitter.com/GHaukland Geir haukland

    Talking about this in the open is not very smart. There is a good chance that someone from Apple is reading this and soon it will be closed up in the next release, 6.1.4; then all is wasted, so why not create a closed community and start there?? Just a thought..

    • ryan

      This type of jailbreak that people think he may be doing can be released as soon as it’s completed. The only issue is that the iPhone 5S won’t be able to run it since it will have new hardware. I fear that this jailbreak will only be released for A5 chips and higher, and if not that then only A6. It’s about hardware now, not software, so Apple can’t patch it up unless they use new hardware.

      • http://cammyharbison.wordpress.com/ cammyh

        unless of course this is an entirely new frontier… a new method not seen before …

  • http://twitter.com/kingkneller jake kneller

    Whoa, I can’t believe this. I remember getting my first iPhone in 2008; then I was running iOS 1. Wow, just thinking about iOS being so close, man, Apple has evolved so much

  • DjCoolN

    He said he found a way now lay off!

  • http://twitter.com/maxt435 MaxT

    But if p0sixninja, or evad3rs, or anyone are able to make an untethered jailbreak for iOS 6.1.3, why didn’t they do it on their device and produce a video to prove it! Yes, produce a VERY GOOD video to prove they were able to JB 6.1.3 and not one crap video like many others that prove nothing. And if it’s true, I continue to say: KEEP the exploit for iOS 7. Then sorry for those on 6.1.3, and for those on 6.1.2, do like me, i.e. wait until iOS 7.x

  • DnDSkate

    just save it for 7. I have 6.1.3 but I’ll just update it again and jailbreak it when it’s iOS 7