Before the days of Electra and unc0ver dawned upon us, there was Yalu, an iOS 10-centric jailbreak too by the talented hacker Luca Todesco (@qwertoruiopz); but apart from a few teasers here and there, the jailbreak community hasn’t heard much him since the Yalu days – that is, until now.
In a bombshell Tweet shared this week, Todesco released what appears to be a WebKit-based exploit that allows remote code execution (RCE) in web browsers with JIT. What’s more is that the exploit was only just fixed three days ago, which means it should be viable on all versions of iOS up to Apple’s latest release – 12.1.4:
Todesco published a proof of concept on GhostBin, permitting the public to study the exploit and use it as they see fit.
It’s not every day that a WebKit exploit makes itself known, but they have a long history in the jailbreak community. For example, an ancient jailbreak tool called JailbreakMe by Comex utilized a similar exploit (along with others) to allow jailbreaking directly from the Safari web browser when the user visited a specific website and interacted with it.
It remains to be seen if a similar JailbreakMe-style jailbreak will materialize from Todesco’s new exploit, but it certainly gives veteran jailbreakers such as myself a nostalgic trip down memory lane.
In the meantime, hacker and unc0ver lead developer Pwn20wnd continues to work diligently on his iOS 12 jailbreak for iOS 12.0-12.1.2. This is a semi-tethered jailbreak and will only support certain devices when the initial public beta is released; support for additional devices, including A12, will be added at a future date.
Are you excited about all the recent iOS 12-oriented exploits that have been released as of late? Share your thoughts in the comments section below.