Hacker demos iOS 9.3.2 browser-based jailbreak

By , May 28, 2016


Italian hacker Luca Todesco is once again making waves in the jailbreak community after demonstrating on video a browser-based jailbreak on a 6th generation iPod touch running iOS 9.3.2.

Similar to the now classic JailbreakMe, the method used by Todesco can apparently jailbreak the device directly from Safari, without requiring a computer.

This is great news for jailbreak enthusiasts because it shows that despite Apple's efforts to tighten the security of its software and devices, there are still ways in. However, it seems that Todesco is not interested in making his discoveries public, which makes a jailbreak for the masses based on this work very unlikely.

Earlier this week, Todesco had already teased a jailbreak for the latest beta of iOS 9.3.3. That jailbreak is unlikely to see the light of day either, so don't get your hopes up for that one.

  • ravinigga

    Again? Just release it.

    • The King

      Sometimes, it’s not that easy. It could be buggy as hell, he releases it, bricks phones, and then it becomes an issue. People would complain why he released it so buggy, others would bitch saying it’s their phone for jailbreaking… it’s just messy. But this stuff where there’s no jailbreak for months is why I couldn’t deal with using iPhones. For me, I couldn’t use an iPhone just out of the box.

      • It doesn’t matter how buggy it is when it comes to browser based exploits. This vulnerability could likely be exploited by nefarious people. Assuming this person is an ethical hacker he has an obligation to report this.

      • The King

        Obligation? Tell that to half the jailbreak community who showcase a working jailbreak and tell the community that they won’t release. They don’t owe us anything to release or report – buggy or not.

        It’s Apple’s job to find exploits and patch them, not random people who don’t get paid by Apple to find loopholes. If that was the case, we’d all be looking for holes to report.

      • Most jailbreaks don’t use a web browser as an attack vector. I don’t know what the vulnerability is, but assuming it’s a problem in WebKit, then Safari on Mac could also be vulnerable, as could anything else that’s using WebKit. Assuming this isn’t a failbreak, if this were to fall into the wrong hands the implications are huge.

      • I don’t think this has anything to do with a web-based exploit. I think Apple has web-based exploits pretty much covered. Cydia loaded faster than in all previous JBs combined (yes, all the way from the limera1n days), in just about 20 seconds? This can’t be true.

      • NotTodayThx

        The vuln is in WebKit

      • The King

        That’s Apple’s problem, not those who find it. Apple needs to patch it, and the community can decide to use it as a jailbreak or not. But giving them information about an exploit isn’t the norm when cash is usually the reason for jailbreaks these days.

  • MrTarek

    wow

  • Chris

    Anyone else find it strange that Cydia just opened without preparing the file system?

    • malhal

      All preparing file system does is move the system app folders to the user partition so there is more space to install jailbreak apps. He could easily just have made his version of Cydia skip that for demo purposes.

      • Chris

        If that is the case, that would prove this is only a partial jailbreak with no root access. I would also be willing to bet he used a self-signed enterprise certificate to bypass app verification.

      • malhal

        I was saying it wasn’t the case. Also, if you read his comment on the youtube video he says he has disabled stashing which is Saurik’s name for moving the system files to the larger partition. His reason for that is simply the web-based jailbreak isn’t untethered, but he says he does have an untether working. So there you go, nothing to do with no root access, hope that helped.

      • Shadowelite123

        What are you trying to get at? iOS 9 doesn’t even have root, and Cydia doesn’t run as root anymore anyway.

    • Marcus

      My thoughts exactly… I have no reason to believe the above video.

    • Hadləy Alden

      Thank you. Plus he had tweaks already installed that had updates available. This simply proves his device is jailbroken in general. You can’t jailbreak a device from its own web browser, not since like iOS 4 hahaha

    • NotTodayThx

      You’re spot on, it’s not a full jailbreak, but it does have root. This is why you will never see the installing or running of a tweak, or even a reinstall of Substrate, in these videos.

      (that moment when you realise it’s can’t release, not won’t release)

  • XenonKilla

    So glad I don’t have to be bothered with all these bullshit ass games. Still sitting pretty here with my Jailbroken iPhone 6 on iOS 8.4. LOL at all you sheep who went out and “upgraded” to a “new” device. =)

    • therealjjohnson

      Well, I’m sitting with a jailbroken 9.0. Why do you think people are sheep though?

    • The King

      That makes zero sense. People upgraded to a new device and have a 9.0 and 9.1 jailbreak. My girl bought an iPhone 6S on iOS 9.1 around March. This was when iOS 9.2 was already out and 9.3 was on its way. Then a 9.1 JB came out. Sometimes people get lucky, but if someone had an iPhone 4S that’s slow as shit, I’d consider upgrading too.

      • XenonKilla

        I’m not referring to the people who have had devices that are at least two or more years old. I’m talking about the people who update every single year just because they think they need to have the “latest and greatest”. Yeah, I used to be the same way back when crApple actually released new devices that were the “latest and greatest”. But nowadays, new devices are nothing but last year’s devices, just resized and labeled as new.

        And just for the record, being jailbroken on iOS 9 is nothing to brag about, seeing as how there are hardly any new/updated tweaks available when compared to previous iOS versions. I’ve been around the jailbreak scene since the original iPhone and this is by far the slowest I’ve seen it since then. So many good developers have left the jailbreak scene because they just got sick and tired of wasting their time going back and re-coding their apps/tweaks over and over again every single time crApple releases a stupid iOS update! Especially when major iOS updates these days are so minor and hardly offer anything new or innovative.

      • mickey

        I’d update every year (because I can) but definitely think twice now that the hardware is making smaller leaps, as well as the longer dry periods between jailbreaks. But I’d have to say that up until the 6, it has been worth upgrading. At least the main releases: 2G – 3G – 4 – 5 – 6

        You are right about the jailbreak scene though. It is not what it used to be. Unfortunately it was bound to happen with the advancement of iOS, i.e., less need for certain tweaks.

      • The King

        I gave up on Apple a while back after I saw nothing different from the 5S to what is out now. The 6 is just bigger with different iOS software. I understand your point 100% though. I’m just not gonna play the “you must update, update, update” game every year. It’s just a waste.

      • Bufonse

        Hold this L bruh

      • JustCause

        This is my situation right here and I agree with you 10000%! Money isn’t an issue for me, so I can afford to upgrade every year, which, like yourself, I have done in the past as well. But nowadays, what’s the point? Yeah, I’ve got money to burn, but it finally just got to the point where I’m standing there in the Apple store checking out the new devices and I’m holding a device that is basically 97% identical to the one sitting in my pocket. Why the hell would I wanna drop $600+ on a “new” device that’s 97% identical to the one in my pocket?

        Then I have to wait for a jailbreak, and the worst part is HOPE that all the jailbreak developers whose apps/tweaks I use will actually update their apps to work on the newer iOS. Why the hell would I wanna upgrade my device so that I can gain a couple of “new” stupid features that Apple has added, but then lose tons of great apps/tweaks that the jailbreak provides? It just doesn’t make any sense!

      • Fanboy 

        Not sure why you seem so butt hurt about people upgrading lol. I personally don’t even JB anymore. I recently got a replacement device that came installed with iOS 9.0.1 and for a second considered jailbreaking but instead decided to just upgrade its firmware. There’s not much left to jailbreak for anymore. Some of the tweaks I do like using I can use through Extensify without jailbreak. Proud “sheeple” owner of an iPhone 6S on iOS 9.3 🙂

      • JustCause

        Your name says it all. Enuff said.

      • Hadləy Alden

        Wow, you are ignorant. I got two lines deep. You’re attempting to take the standpoint of every single person in the world that updates… I’m on iOS 9.3 because that’s what my SE came with, and boyyy am I tired of these bugs that 9.3.1 and .2 fix… But Luca himself has personally advised me to stay on .3 regardless of the bugs. People don’t update to be “better” or to have the “latest and greatest”. Hop off your high horse, you’re not better than anyone here, and if you think your material possessions and Apple hardware make you better, you’re one ignorant muhfuka.

    • Gregg

      And I’m jailbroken on 9.0.2 😀

    • Hadləy Alden

      Really? Sheep? Like you’re superior? What does that make you? A wolf? Cause that’s certainly not shepherd talk, and you gotta be one, buddy 🙂 Your old device sure makes you a better human being and gives you the right to be a jackass 🙂 My iPhone SE has a more powerful processor than anything on the market right now, including your iPhone 6 or below running iOS 8 (although I’d do anything to have my SE running iOS 7 or 8).

  • Hope he holds on for iOS 10, if his technique works on that version of iOS too.

    • Bufonse

      He’s not releasing anyway so it won’t matter

      • John Smith

        Dude, he showed Safari can be exploited. That is enough for other people to try to penetrate Apple’s WebKit and find it out on their own.

      • Hadləy Alden

        I guess, if you buy into the idea that you can jailbreak from Safari… He had updates available from Cydia as soon as he opened it, let alone the fact it didn’t actually go through the kernel jailbreaking procedures or prepare its filesystem… Hm…

  • Fevostone

    What I don’t get is how easy he is making it look to jailbreak the latest iOS when it’s been so long since other known sources have done it. Doesn’t make sense to me…???

    • Blip dude

      It’s because other sources are waiting for Apple to stop with the constant updates. I think it’s pretty clear why they are doing this. Why create a jailbreak for 9.3.2 when 9.3.3 is around the corner? As I mentioned before, there will be a jailbreak for iOS 9, but people will likely have to wait as long as the release of iOS 10 before we finally see it, and I will be more than happy to wait that long to see it.

      • Fevostone

        Maybe you’re right, but it’s a game of cat and mouse, so wouldn’t it be good to just jailbreak it and then do it again when they bang out another iOS .1 or .2..?? The dude is doing it, so why didn’t it happen in the past?

  • Lipkiss

    It’s fake because I don’t have it. lol

  • Jim Hart

    Todesco is using a bootROM exploit he has and almost certainly will not share.

    • Guy Gascard

      It’s a fake. I wonder what this guy gains by teasing us like this all the time.
      Hmm, publicity?? Or what else….

      • Elias Chao

        He’s a researcher. I’ve always thought that he is just publishing what he’s doing, as a musician would share whatever he’s currently working on.

      • Stefan Esser does the same as well. But he doesn’t release videos to prove he isn’t bluffing.

      • John Smith

        That’s because Stefan’s already an established contributor to the iOS community (in the past at least) and his security research group is more than enough to prove his capabilities. If I were to jump out of nowhere and release my own exploit to root the iPhone, people would pounce at me for attempting to install malware onto their devices. Plus with video proof he could sell the information to Apple or a third party company (third party is a good bargaining chip to get extra $).

      • >> If I were to jump out of nowhere and release my own exploit to root the iPhone, people would pounce at me for attempting to install malware onto their devices.

        Every jb requires the user to agree that the jb is not responsible for any damage to the data on the iphone.

        >>Plus with video proof he could sell the information to Apple or a third party company (third party is a good bargaining chip to get extra $).

        AFAIK Apple never pays to figure out exploits in their own OS. But as you said, this loser is trying to grab $$$ using the vid. I’m sure Pangu and TaiG already know that the video is misdirecting them towards a bootrom exploit.

  • pnh

    Luca Todesco = Like a Toad

  • Mark S

    And why do you insist on giving this person free advertising? Let’s look back on this year of postings and see how many articles there are on jailbreaks we won’t receive as opposed to ones that were actually released.

    • It’s a pretty good demonstration showing an incredible skill level from a hacker in the community. That’s right, a hacker from our own jailbreak community. I’d say definitely deserving of publication.

      It’s his creation and he’s free to do as he wishes with it. If I made a cupcake everyone wanted, I could certainly keep it to myself too.

      Judging the fact that Luca has been the center of attention in multiple jailbreak demos recently, it would seem to suggest that he has a very powerful exploit, and it would make 0 sense to burn it ahead of an iOS 10 release. Would you agree with that?

      Apple, who is constantly trying to kill jailbreaking, could learn a thing or two from this guy.

      • pnh

        No. Not of “our” community. That would imply participating in the community. He is living in his own narcissistic world.

      • Elias Chao

        Well, he was going to release a tool for iOS 8.4.1 and people went crazy on him on Twitter. That’s why (allegedly) he decided not to release any other tool anymore.

      • He gave away that it’s a browser-based exploit, and he also gave away that it had to do with the buffer being overloaded. He’s blown his cover. Anyway, it’s of no consequence, as he’s yet another Stefan Esser, but an asshole of the “here’s my vid if you don’t believe me, but sorry, it’s my JB” kind.

      • John Smith

        Hey, finding these exploits is incredibly challenging. Apple makes sure of it. Believe it or not, it takes a lot of hard work and patience. So, he has every right to keep the hard work of his search to himself. There is absolutely nothing wrong with him demonstrating his abilities.

      • smtp25

        Wow, that’s narrowed it down: a buffer overrun (the commonest, oldest exploited vector) and a browser (which kind of does narrow it down a bit, though), but yeah.

      • Ria1979

        I wouldn’t go with the cupcake analogy. Not the same thing. This is a different kind of beast,

      • Hadləy Alden

        Agreed. He’s either waiting or just flexing

  • Hopes it gets released soon

  • TwinSon

    My guess is the known JB sources like Pangu and TaiG are waiting for a good time to release a jailbreak that won’t be patched immediately by the onslaught of these point releases. Maybe around WWDC time or when the iOS 10 beta gets released.

  • Smegmatron

    This feels like the “i’ll put in just the tip baby”

  • droid3000

    I guess it doesn’t really matter, but I’m on 9.2.1. Should I go to 9.3.2 just in case a JB does come out?

    • Eliijah Moss

      Same boat as you. DO NOT UPDATE!!! It’s safer to stay where you are at than to update.

  • avd98

    If you’re not releasing it, don’t tease us. Simple as that.

    • John Smith

      Maybe he is waiting for the next few updates to crank out a few bugs? If released right away, it will be patched right away in the next release and there will be less of an incentive to fix the problems with the jailbreak because it already has been patched.

      • RK

        Even the exploit used in an iOS 10 jailbreak will be patched in iOS 10.0.1 or 10.1. So that shouldn’t be released either. Furthermore, iOS 10 will be buggy as hell and would need a ‘point’ update ASAP.

  • Eliijah Moss

    I’m really tired of people saying that he has to do this or he has to do that. He doesn’t have to do anything. He’s not teasing anything. He not showing off anything. This is his work, and his work alone. That’s like creating a 2,000 horsepower car that runs on water, and the creator is just supposed to mass produce the car for it to be available to the public. No. That’s not how that works. He can do what ever he wants with HIS work. He doesn’t owe anything to anyone.

    • John Smith

      Totally Agree

    • therealjjohnson

      Well, he is showing it off. He put it on the Internet to be viewed. If it was his and his alone he would have kept it to himself. So yeah, he’s showing it off.

      That being said, he doesn’t have to do anything with it if he doesn’t want to. You’re totally right in that regard.

  • F P

    Zzzzzzzzzzzzzzzzzz…

  • Mike M. Powell

    Didn’t Pangu say this is the worst possible jailbreak method, hence why they didn’t go for the 1mil bounty?

  • hkgsulphate

    So that they could fix the loophole in iOS X
    good job

  • Jonathan Rosga

    For the first time ever I think I’m about to switch to Android. I simply don’t like my iPhone unless I can jailbreak it and customize it the way I want.

    • smtp25

      How much do Android people actually customise? Are you 12 and want to theme your phone?

  • Hadləy Alden

    TO THOSE NOT FAMILIAR WITH JAILBREAKING – This is a hoax. His device was jailbroken prior to this and already had Cydia on it.
    1. When Cydia is first installed, it creates a file space for itself (I forget the actual words used)
    2. He had updates available for his already-installed tweaks

    Todesco has a jailbreak for himself, but this “over-Safari” jailbreaking is, and always will be, a joke, unless you’re running iOS 4.

    Don’t be so naive.

    • Jayy

      His jailbreak isn’t untethered, which is another reason why it booted up that way.

      • Hadləy Alden

        But what took place in the video is not a browser-based jailbreak. His device was jailbroken prior to clicking on the link in Safari.