Before the days of Electra and unc0ver dawned upon us, there was Yalu, an iOS 10-centric jailbreak tool by the talented hacker Luca Todesco (@qwertoruiopz); but apart from a few teasers here and there, the jailbreak community hasn’t heard much from him since the Yalu days – that is, until now.
In a bombshell Tweet shared this week, Todesco released what appears to be a WebKit-based exploit that allows remote code execution (RCE) in web browsers with JIT. What’s more, the exploit was only just fixed three days ago, which means it should be viable on all versions of iOS up to Apple’s latest release – 12.1.4.
If you remember the good old days when you could visit a web page in mobile Safari and swipe your finger over a virtual slider to achieve a jailbreak (yes, I’m pointing at you JailbreakMe), then we’ve got some good news for you.
iOS hacker and developer Sem Voigtländer (@UKERN Software) appears to be working on a JailbreakMe-styled tool that you can visit in mobile Safari that theoretically supports iOS firmware versions from 4.0 to 12.0.1 (*with some exceptions*).
If you happen to have a 32-bit iOS 9.1-9.3.4 device, then you might be thrilled to learn that there’s a new jailbreak in town that supports it.
JailbreakMe 4.0 was released by iPhone hacker tihmstar on Tuesday, and it can jailbreak any iPhone, iPod touch, or iPad that meets the criteria mentioned above.
After an iOS 8.4.1 jailbreak, an iOS 9.3.5 jailbreak, and an untether for the iOS 9.1-9.3.4 Home Depot jailbreak, tihmstar has now turned his attention to a mobile browser-based jailbreak for 32-bit devices.
Whilst most are no doubt still eagerly awaiting a jailbreak for the just-released iOS 10.2, there are those who still have devices on various flavours of iOS 9 and older, who have fallen through the cracks of the most recent Pangu releases. For them, this week brought some hope, with two separate announcements of upcoming jailbreaking tools, in addition to the release of a browser-based tool from Luca Todesco. This round-up will cover the various pieces of jailbreak release news that came to light over the past few days.
As reported recently on iDB, Luca Todesco has decided to solve the certificate problems which have plagued the most recent Pangu release for 9.2-9.3.3 by making public a web-based tool for re-activating the jailbreak.
After doing some testing and research, it seemed appropriate to offer a more in-depth discussion of the tool, along with a walkthrough, in order to address some of the more technical questions surrounding this latest development in the jailbreaking scene.
Noted iOS security researcher and hacker Luca Todesco has just released a WebKit-based loader for the Pangu 9.3.3 jailbreak. This impressive browser exploit is reminiscent of the original JailbreakMe exploits on iOS 1 and iOS 4, after which it is named.
All that is required for the technique to work is to follow a URL in mobile Safari, press a button, lock your device and wait for the respring.
Whilst this development is testament to Todesco's hacking skills and has alleviated one major problem with the current 9.3.3 jailbreak (its reliance on developer certificates for the loader app), there is bound to be some confusion over what this tool actually does, and what it means for the jailbreak community. This post aims to bring some clarity to the topic.
For those who are unaware, Pangu launched a new jailbreak for iOS 9.2-9.3.3 over the weekend. Now, an iOS developer from the jailbreak scene has made it possible to jailbreak your iOS 9.3.3 device directly from your iOS device itself without the need for a computer.
It's officially JailbreakMe-style, and in this tutorial, we'll show you how to do it!
Italian hacker Luca Todesco is once again making waves in the jailbreak community after demonstrating on video a browser-based jailbreak on a 6th generation iPod touch running iOS 9.3.2.
Similar to the now classic JailbreakMe, the method used by Todesco can apparently jailbreak the device directly from Safari, without requiring a computer.
The cat-and-mouse game between Apple and the jailbreak community has been going on for about 6 years now. Every time a new jailbreak tool is released, taking advantage of some holes in Apple's tight mobile operating system, you can bet your shirt that Apple will be quick to patch those holes with a software update.
Sometimes those software updates are released faster than others. For example, it took Apple 43 days to patch a series of vulnerabilities that allowed iOS 6 users to jailbreak their devices using evasi0n. In comparison, it took Apple only nine days to fix the bugs that were exploited by JailbreakMe 3.0.
The time difference can be easily explained by the fact that exploits like those used by JailbreakMe represent a much higher security threat to iOS users than those used in evasi0n. Remember, JailbreakMe could be run directly from the device's browser, thus exposing virtually every single iOS 4.3.3 user at the time to security risks. In comparison, evasi0n requires you to plug the device into a computer via USB. Clearly, the security threat is much lower with evasi0n.
This being said, every time Apple releases a software update that patches vulnerabilities used in a jailbreak, some enthusiastic jailbreakers are always quick to call Apple names and accuse the company of actively fighting the jailbreak community. "Apple hates jailbreakers. They just released a software update to kill the jailbreak," you can often read every time an iOS update that patches a jailbreak is released. But is that really the truth? Does Apple really hate the jailbreak community, or is it trying to protect the safety of its most popular operating system?
Nicholas Allegra, a.k.a. Comex — the iOS hacker responsible for the popular jailbreak tool JailbreakMe — has parted ways with Apple after interning there for a little over a year.
Last August, Comex broke the news that sent shockwaves through the jailbreak community, announcing that he would be joining the very company whose security he'd successfully undermined more than once.
Is it possible that Comex might pick up where he left off in the jailbreak community?
The jailbreak community owes a lot to adept hackers who find and exploit weaknesses in the design of the iOS mobile operating system, thus allowing Apple's mobile gadgets to run unsanctioned software. It's more often than not a never-ending cat-and-mouse game between Apple and hackers that in the end benefits jailbreakers the most.
Say you're an expert hacker who has just figured out an exploit in one of Apple's products. You could report your findings directly to Apple and help them plug those holes with a software update.
But did you know you could also hand over this valuable information to an exploit broker who will sell it to a government agency and net you a decent profit, minus the broker's commission? A U.S. government agency, to be precise...