Anyone familiar with the jailbreak scene knows that Luca Todesco sports l33t hacking skills, but the security researcher reaffirmed those skills this week after sharing a demonstration video of what appears to be a hacked iPhone X-style device running the eighth developer beta of iOS 13.
The video, embedded below for your viewing pleasure, showcases what appears to be a WebKit-based software bug at work:
In response to Tweets asking about what was going on here, Todesco clarified that this bug allows him to perform remote code execution, local privilege escalation, and code injection, among other wonderful things in the world of IT security.
The video is short, only displaying a custom alert message in the Messages app after being launched, but it’s a great proof of concept, nonetheless.
Apple also unexpectedly launched iOS 13.1 beta 1 to developers for testing on Tuesday, and it didn’t take long for Todesco to share that his exploit still worked on the new beta release. In the Tweet above, he shows the same bug being used in the Settings app on iOS 13.1 beta 1, albeit with an outdated message that still references iOS 13 beta 8.
iOS 13 has not yet been publicly released, but we expect that the golden master will launch within the next few weeks. With that in mind, there’s a fair likelihood that Todesco’s bug won’t be patched in the final release since it hasn’t been disclosed to Apple. It remains to be seen if it will go on to benefit the jailbreak community.
To date, iOS 12.4 is the newest version of iOS that can be jailbroken. Apple just yesterday released iOS 12.4.1 to patch the Sock Puppet 3 exploit that made this possible, and so we recommend that anyone with an urge to jailbreak gets their device to iOS 12.4 ASAP.
Are you impressed by Todesco’s iOS 13-centric demonstration? Discuss why or why not in the comments section below.