Liberating iOS devices from Apple’s walled garden to enjoy a bunch of new features used to be a rage some time ago. But the Cupertino company has made it increasingly difficult for its users to jailbreak their devices. It has also added dozens of new features (mostly borrowed from jailbreaks) to iOS that were previously available only through jailbreak, giving people fewer reasons to liberate their devices. Many iPhone and iPad users have abandoned jailbreaking due to security concerns. But there are still hundreds of thousands of people eagerly waiting to jailbreak iOS 12 devices.
Devs making progress towards iOS 12 jailbreak
Developers and hackers have been working on iOS 12 jailbreaks since the Cupertino company rolled out the new software last year, but we haven’t yet seen a full-fledged public iOS 12 jailbreak. Soon after Apple released the iOS 12.1.3 to the public a few days ago, some developers have dropped hints that they have made significant progress in jailbreaking iOS 12.1.2.
So, if you haven’t upgraded to iOS 12.1.3 and want to liberate your device, you should consider staying on the 12.1.2 or older firmware. If you have already upgraded, downgrade to the 12.1.2 while Apple is still signing it. The tech giant could stop signing the older firmware anytime.
Brandon Azad, a developer well known within the jailbreak community, said in a tweet that people interested in bootstrapping iOS kernel security should “keep an A12 research device on iOS 12.1.2.” Alibaba security researcher Min ‘Spark’ Zheng responded to Brandon’s tweet by saying “looking forward to seeing iOS 12 JB.” Zheng has discovered many bugs and vulnerabilities in iOS software in the past.
If you're interested in bootstrapping iOS kernel security research (including the ability to forge PACs and call arbitrary kernel functions), keep an A12 research device on iOS 12.1.2.
— Brandon Azad (@_bazad) January 22, 2019
looking forward to seeing iOS 12 JB~??? https://t.co/LyKNFH2DX7
— Min(Spark) Zheng (@SparkZheng) January 23, 2019
As RedmondPie points out, Zheng’s tweet indicates that all the necessary components needed to jailbreak iOS 12.1.2 and older are in place. Apple’s official security changelog suggests the bug Brandon Azad was referring to was applicable on devices going as far back as iPhone 5S. It will be interesting to see whether Brandon Azad would take up the challenge upon himself or someone else would do the hard work of putting together all the pieces to release a public iOS 12 jailbreak.
In the security change log that Apple put out it says iPhone 5s and later so probably?
— The Jailbreak Hub (@thejailbreakhub) January 22, 2019
Researcher remotely jailbreaks iOS 12 on iPhone X
Separately, Qihoo 360 Vulcan Team security researcher Qixun Zhao demonstrated how he managed to remotely jailbreak iOS 12 software on the iPhone X. He shared the proof of concept (PoC) of the bug he had teased a few weeks ago. The bug Zhao cited can achieve tfp0, according to iDownloadBlog. For the uninitiated, tfp0 is a kernel task port that allows arbitrary read and write access to a phone’s kernel memory. Such exploits are powerful enough to facilitate a full-fledged jailbreak.
IPC Voucher UaF Remote Jailbreak Stage 2 https://t.co/V8prQKAllh (Chinese, English may be later) and demo : https://t.co/lf6aY4nRDc
— SorryMybad (@S0rryMybad) January 23, 2019
Here is the PoC of the bug I used to jailbreak https://t.co/IAwkiKqzNg can work before 12.1.2..The blog post about exploit on A12 will come soon.? pic.twitter.com/S5s2tICLaD
— SorryMybad (@S0rryMybad) January 23, 2019
It’s unclear whether Qixun Zhao’s exploit could be used in any of the existing jailbreak tools such as Electra and Uncover, both of which work up to iOS 11.3.1. In the past, Uncover developer Pwn20wnd has shown interest in Zhao’s exploit, indicating that they were interested in developing an iOS 12 jailbreak tool.
The jailbreak story doesn’t end there. Alibaba security researcher Min ‘Spark’ Zheng and Xialong Bai have managed to exploit vulnerabilities in the iOS 12.1.2 firmware to gain root access to the iPhone XS, XS Max, and iPhone XS. They used the Port-Oriented Programming (POP) attack to compromise the iOS 12 software.
Finally! (Mach) Port-oriented Programming (a.k.a POP) Attack Proof 3: Get task_for_pid_0 & root on iOS 12.1.2 (iPhone XS Max with A12 core), by @bxl1989 and @SparkZheng . PAC bypassed now! pic.twitter.com/gL3LZMnqUj
— Xiaolong Bai (@bxl1989) January 15, 2019
More importantly, Zheng and Bai’s exploit opens the possibility of finding vulnerabilities in Apple’s ultra-secure A12 Bionic chipset. However, Min Zheng is a security researcher, so there is a good chance he would report the vulnerabilities to Apple rather than working on a public jailbreak tool.
Despite all these developments, there is no guarantee that we will see an iOS 12 jailbreak anytime soon. Even if all the pieces are there, it involves a lot of hard work to put them all together and ensure that they work as expected before releasing a jailbreak. Anyway, Apple doesn’t like the idea of its users jailbreaking their devices. The tech giant has warned in the past that jailbreaking could void the warranty. It also removes the built-in security layers in the iOS software, exposing you to hacking and malware attacks.
