He’s back, and this time Italian security researcher Luca Todesco has decided to help the jailbreak community! He recently took to Twitter to talk about the security of iOS 10.2 and at the same time released a JailbreakMe-Style WebKit loader for Safari which will help those using the Pangu iOS 9.3.3 jailbreak.
Three cheers for Luca Tedesco and his iOS 9.3.3 jailbreak
Before you get too excited by this news, you should know that this isn’t a complete solution. For example, it won’t load Cydia, it doesn’t work like JailbreakMe, and you need to have a device running on the iOS 9.3.3 jailbreak for it to work. That’s the Pangu 9.3.3 jailbreak; however, if that’s you, it does remove some of the certification problems.
One of the biggest issues in using the Pangu jailbreak is the need to have a developer certificate for the loader app. And while the community is thankful to the Pangu team for creating the semi-untethered jailbreak in the first place, someone needed to address the concerns that it introduces because continually having to repeat the jailbreak process every time the Pangu iOS 9.3.3 jailbreak certificate expires is irritating.
A Safari-based solution
Todesco has created a way of circumventing the certificate issues. This takes away user concerns and also makes re-jailbreaking an iPhone, iPad, or iPod Touch running the iOS 9.3.3 jailbreak easy. In fact, it’s so easy that just “one click” is required. However, as we touched on earlier, you need to have a jailbroken device to use it.
To use Todesco’s solution, when the certificate of the Pangu loader app has expired, go to https://jmbe.qwertyoruiop.com with your iOS device using the Safari browser. Once there, you will be confronted with a page explaining what it is and mentioning that you require a 64-bit device for it to work. You may need to try this more than once for it to work. Clicking the large word “Go” in the center of the page will start the process.
Todesco said: “The tool uses HTML5 web app caching. If you add it to your home screen, no need to be connected to the internet after it. A full untethered jailbreak for iOS 9.3.x is actually possible, but that there is a potential risk of fu**ing devices over if the tool was ever released.”
What the re-jailbreak can and can’t do
Todesco’s iOS 9.3.3 jailbreak tool essentially replaces Pangu’s re-jailbreak tool, and it relies on a vulnerability in the mobile Safari browser which allows an arbitrary code to run. This replaces the need to use the PP app from Pangu. Here’s some clarification on what it can and can’t do.
It can:
- Re-activate the iOS 9.3.3 jailbreak using the PanGu semi-untethered solution.
- Work without the certificate restrictions that have plagued the jailbreak since release.
- Work directly via the browser without the need for a loader app.
It can’t:
- Work on jailbreak devices not already running the iOS 9.3.3 jailbreak.
- Install Cydia or be used as a substitute for the PanGu jailbreak because it is a reactivation tool
- Work on 32-bit devices, which means iPhone 5 and older devices.
- Making a jailbreak permanently untethered is also not possible with this solution.
Rare exploits and security concerns
So there’s a solution that removes the need to re-jailbreak iOS 9.3.3. However, what we now need is an iOS 10 jailbreak. No one knows when one will arrive, but Luca Todesco is working on it. In the meantime, he has warned those who may be interested in using the Safari solution that it could be used by hackers who have nefarious actions in mind. So be aware that using this solution could leave you vulnerable.
