After an iOS 8.4.1 jailbreak, an iOS 9.3.5 jailbreak, and an untether for the iOS 9.1-9.3.4 Home Depot jailbreak, tihmstar has now turned his attention to a mobile browser-based jailbreak for 32-bit devices.

Many of our loyal readers will remember the original JailbreakMe tools from the elder days of iOS, which jailbroke your device at the press of a button from a website in your browser. More recently, Luca Todesco created a similar site to host a browser exploit for the 64-bit iOS 9.3.3 jailbreak, pictured below.

Continuing in this tradition, and using the Trident bugs which caused such a ruckus a few months ago, tihmstar’s latest project exploits Safari vulnerabilities in pre-iOS 9.3.5 firmwares to inject the Home Depot code and jailbreak your device, with no need for a computer or a side-loaded jailbreak app.

He initially planned not to release his work, believing that it could be used to illegally bypass iCloud activation on locked devices, but may now have changed his mind. It seems that JIT (code compiled just-in-time) is not available in captive portals, preventing the risk of iCloud bypasses. His exploit relies on JIT to work, and if it were permitted in captive portals, an attacker could connect to a Wi-Fi network which used such a portal and run the exploit from there, accessing the device. However, given that this is in fact not possible, the way may be clear to release his affectionately dubbed “JailbreakMe 4.0”.

Many users will not be affected by this development, impressive though it is. It is a legacy tool, for 32-bit devices only, and covering only the Home Depot firmwares (iOS 9.1-9.3.4). Given that tihmstar himself has already created an untether for those firmwares, this tool will not even be necessary for reactivating the jailbreak, as it was with JailbreakMe for Pangu iOS 9.3.3. It is good to know however that Home Depot users who run into a problem with their untether will be able to re-jailbreak immediately from a webpage.

This does of course come with a security risk. The Trident exploits were patched in iOS 9.3.5 and later, but users should be aware that a browser-based exploit like this means that devices on iOS 9.3.4 and below can be compromised directly from the browser now. All it would take is a click on a phishing link on a website to run tihmstar’s exploit and jailbreak your device without consent. For this reason, exercise caution and avoid using a pre-iOS 9.3.5 device as a daily driver, if you are concerned.

The tool is not yet released, but we’ll let you know if and when it is. For now, you can watch a demonstration of it in action below:

It’s nice to see the convenient tradition of on-device jailbreaks continue, even if tihmstar’s JailbreakMe tool will not be of use to the jailbreaking majority.

  • Todd Young

    Really? zzzz…

  • MMA Rules

    Wtf is in iOS 9? These hackers wasted their time in something irrelevant! Most the Cydia tweaks are updated to work for mostly iOS 10

    • Timothy

      My iPad 2 can’t run iOS 10 and is still usable.

      • Blacklight: Retribution

        Upgrade already.

      • Timothy

        For one thing, not everyone can afford that. Personally however, I also have an iPad Pro, but that doesn’t change the fact that my iPad 2 is stuck on iOS 9.

  • Mark S

    Hey moron we are on 11 now. Guess you must be afraid of girls or to leave your house or something.

    • big Rafa

      seriously, reading this news made you like this? you don’t look very ok moron

    • Joaquim Barbosa

      Haha this sentence seems to describe the person who would write this sentence so well.

  • Renato Faria

    32-bit devices in a few months they’ll all be in the trash. This is useless.

    • big Rafa

      lol, it’s not useless, it’s for fun, plus most of jaikbreak users have their apps saved locally

  • erman

    Thank you! iOS 11 Jailbreak in 2025 may possible?

  • So Young

    Useless stuff…32 bit devices is starting to be very old devices now and the good majority of people don’t use a phone released in 2012 or earlier anymore.

  • Abhinav Chaudhary

    Who even uses iOS 9 anymore?