iOS 10.2 jailbreak could come via YaluX update
The creator of the iOS 10.1.x jailbreak YaluX has announced that he intends to update the tool, currently in beta, to add support for iOS 10.2. Luca Todesco tweeted that his solution for the instability of the early builds of his tool has tangentially allowed for compatibility with the most recent firmware, news which will no doubt delight many in the jailbreak community who are trapped on iOS 10.2, and who have been lamenting the death of the jailbreak on currently signed firmwares.

Before you click your heels and start popping corks, there is one major caveat to this piece of news: the support for iOS 10.2 will not extend to the iPhone 7 and iPhone 7 Plus. Whilst this is disappointing for owners of those devices, there is a good reason for the lack of support. It seems that the 0-day vulnerability Todesco gave up to make the iOS 10.1.x jailbreak, a KPP bypass technique, does not work on the iP7(+) on iOS 10.2. This may be due to this model’s superior hardware security measures.
As you can see from this image, Todesco’s changes will allow root access on the iP7(+) on iOS 10.2, which is better than nothing, but they do not go far enough to provide a complete jailbreak on that device/firmware combination.

What we must bear in mind with this news is that the main aim is to bring stability to the tool; that is why Todesco is employing a different technique. The 10.2 support is simply a happy side effect of this change. So, for iP7(+) users at least, it may be more comforting to look at this announcement as one of upcoming stability for their 10.1.x jailbreak, rather than a missed opportunity for a 10.2 jailbreak. All other 64-bit devices should be compatible with the tool on 10.2 (as well as the previous firmwares of 10.1.x).

It seems that the instability problems with the beta tool, most notably with the behaviour of SpringBoard and Cydia Substrate, may have been inherited from, or indirectly caused by, Ian Beer’s Project Zero code. It is possible that this has necessitated an additional exploit to be used by Todesco in order to work around these problems, and this is what has allowed the broadening of firmware compatibility along with the stability improvements. If so, it is good of Todesco to make use of additional exploits to bring these advancements, though of course this may not be the case.

Hopefully we will see a version of the tool with these new amendments released soon, in order to beat the iOS 10.2 signing window. Jay Freeman (Saurik) has commented that he believes Todesco’s new approach will work, which is generally an encouraging sign.

For now, I would recommend that anyone on iOS 10.1.x remain where they are. In the unlikely event that this release does not happen or has problems, you will still be safe on iOS 10.1.x and can use the existing tool, along with any updates it receives. If you want to be well prepared, simply download the iOS 10.2 IPSW for your device, and when reports of the 10.2 tool’s release and stability are confirmed, you can then use it to restore your device before iOS 10.2 goes unsigned.

If you are on a lower jailbroken firmware such as iOS 9.3.3, the same advice applies. Prepare your IPSW, and wait on your lower firmware until the tool is ready.

I would also recommend that everyone save their iOS 10.2 blobs with TSSChecker/TSSSaver. It is good general practice, and has been advised by Luca Todesco more than once. It could, in some limited cases, serve as a way to get back to iOS 10.2 in future.

Have you got your IPSW ready? Are you excited at the possibility of a signed firmware jailbreak? Pray tell.