
Kernel Exploit Explored In New PoC May Lead To iOS 11.4.1 Jailbreak

By | December 1st, 2018

The world of jailbreaking very much depends on there being a new, viable exploit that allows a jailbreak tool to be built upon it. Those kinds of things don’t come along often, and when they do, there is always tension between the two possibilities – does the exploit get used for a jailbreak, or is it sold to the highest bidder for some other use – one that will never be turned into a jailbreak?

As some have noticed, a potential exploit affecting pre-iOS 12 releases has come to light that could turn into something interesting, with that exploit fixed in anything newer than iOS 12.

The exploit itself apparently “allows local attackers to escalate privileges.”

This is, of course, a long way from a jailbreak, and even if it were turned into one, it would only be available to those running iOS 11.4.1 at the newest. That would still make a lot of people happy, but anyone expecting this to turn into a jailbreak anytime soon shouldn’t hold their breath.

Jailbreak-capable exploits are discovered more readily than jailbreaks are released, and that can be the case for many reasons.

That said, the potential is indeed there. That’s sometimes enough to get the juices flowing, and as always, our suggestion is to remain on the oldest possible version of iOS for as long as possible if jailbreaking, now or in the future, is something you’re interested in doing.

(Source: Project Moon [Google Translate])


Redmond Pie


New WebKit RCE Bug Discovered, Could Lead To iOS 12.0.1 JailbreakMe-Style Jailbreak

By | November 4th, 2018

A new WebKit RCE bug has been discovered, exploited, and documented, which could give some hope of a future JailbreakMe-style jailbreak. After a period of relative calm in the world of jailbreaking, this could be the hope that a lot of people need relating to a potential iOS 12 jailbreak.

The existence of the WebKit RCE bug and the associated exploit was announced to the world on Twitter by Ahn Ki Chan. The work has actually been undertaken and shared with the world by Twitter user @begger_dd, who goes by the name of “BigD.”

Not exactly the best hacking or security name in the world, but he is clearly an individual who is well-known to the community and has received kind words from popular members such as Niklas Be (@_niklasb):

kudima(@begger_dd) submitted another WebKit RCE exploit to the repository! He wrote the entire exploit along with a very detailed annotation, which works up to iOS 12.0.1. Thanks again @begger_dd for the contribution!

As confirmed by the tweet, this work covers releases all the way up to iOS 12.0.1, meaning that Apple may have patched whatever this bug was with the release of iOS 12.1. That’s not exactly ideal, but it could give the community hope that we could be seeing an iOS 12.0.1 jailbreak soon.

It is, however, worth noting that this is only one part of the overall puzzle. A WebKit RCE is the kind of entry point that could lend itself to a JailbreakMe-type experience, in which a device is jailbroken remotely through a web page visited in Mobile Safari, but a remote code execution bug alone is not enough for that.

Currently, members of the jailbreak community and those interested in jailbreaking are able to jailbreak devices up to and including iOS 11.3.1. Electra and Unc0ver both support jailbreaking at that level and can also liberate iOS 11.4 beta 3, but neither has the ability to jailbreak anything higher than that.

We’ve seen a number of potential breakthroughs as far as iOS 12 is concerned but nothing concrete yet that could be released into the public domain. Let’s keep our fingers crossed that the iOS 12.0.1 WebKit RCE bug could give us something in the near future. You can check out the work over at the GitHub page here.

(Source: @Externalist [Twitter])



How To Jailbreak iOS 11.1 – iOS 11.4 Beta 3 Using Unc0ver [Tutorial]

By | October 16th, 2018

This past weekend saw the release of a new jailbreak in the shape of the Unc0ver tool. Built by Pwn20wnd, a former member of the renowned Electra Jailbreak team, the new release is suitable for jailbreaking devices running iOS 11 through iOS 11.4 beta 3. That includes iPhones, iPads, and of course, iPod touch devices – who could forget those?

As always, there is a specific way in which the jailbreak needs to be applied, and if you’re new to the world of jailbreaking, it can be a daunting prospect. Don’t worry, though; we’re here to make sure everything goes according to plan, so without further ado, let’s get started, shall we?

The first thing that needs to be noted is which devices are supported by the new jailbreak – the list is long, so you’re probably fine. Anything compatible with iOS 11 is good to go, which means:

Compatible Devices:

  • iPhone X
  • iPhone 8, iPhone 8 Plus
  • iPhone 7, iPhone 7 Plus
  • iPhone 6s, iPhone 6s Plus
  • iPhone 6, iPhone 6 Plus
  • iPhone SE
  • iPhone 5s
  • 2nd-gen 12.9-inch iPad Pro, 12.9-inch iPad Pro, 1st-gen 10.5-inch iPad Pro
  • 9.7-inch iPad Pro
  • iPad Air 2, iPad Air
  • 5th-gen iPad
  • iPad mini 4, iPad mini 3, iPad mini 2
  • iPod touch 6G

So with that out of the way, exactly how do you do the deed?

Step 1: The first step, as ever, is to download the tools required. The jailbreak tool itself can be downloaded from GitHub, while Cydia Impactor can be downloaded from its own website at

Step 2: Now, connect your iPhone, iPad, or iPod touch to your computer of choice using a Lightning cable.

Step 3: Fire up Cydia Impactor on your computer. At this point, it should detect your iOS device. Drag the downloaded Unc0ver jailbreak IPA file into Cydia Impactor. Enter the Apple ID and password for your Apple Developer account when the app asks for it and then wait for Cydia Impactor to do its thing.

Step 4: Once the Unc0ver jailbreak IPA has been copied across to your iOS device, open the Settings app before heading to General > Profile(s) & Device Management – in older versions of iOS this may just say Device Management.

Step 5: Tap on the entry that shows your Apple ID, select the Trust option, and tap Trust again on the dialog that follows.

Step 6: We would suggest enabling Airplane mode prior to using Unc0ver Jailbreak just to be safe. The same goes for disabling Siri – do that in the Settings app under the Siri and Search entry.

Step 7: Restart your device, making sure that Airplane mode is still enabled when the device is powered back on.

Step 8: Launch the Unc0ver Jailbreak app from your Home screen and tap the Jailbreak button in the middle of the screen.

Step 9: Sit back and try to relax. This should be the end of the process, with the jailbreak working its magic. Once the process completes, your iOS device will respring.

See, that didn’t hurt one bit, did it?



iOS 12 Jailbreak Status Update: Here’s What You Need To Know Before Upgrading

By | September 17th, 2018

Want to jailbreak iOS 12, iOS 12.0.1 or even iOS 12.1 final version? Here’s what iPhone and iPad users upgrading from iOS 11 to iOS 12 need to know.

Apple has officially released iOS 12 into the public domain. With that release comes a slew of device owners all over the globe pondering whether or not the move to iOS 12 is worth it. Apple’s latest iOS update really speaks for itself in terms of the features, functionality, and improvements that it offers, but some iPhone, iPad, and iPod touch owners also need to factor jailbreaking into their decision.

Unfortunately, unlike a few iOS generations ago, the current jailbreak landscape isn’t as smooth and plain sailing as many would like it to be. With that in mind, device owners really need to take a long, hard, and informed look at the landscape and decide whether it’s worth upgrading to iOS 12 and losing access to a jailbreakable version of iOS 11, or whether it makes more sense to stay jailbroken on iOS 11 and forgo all of the new iOS 12 improvements.

It’s a tough decision which requires being informed. Thankfully, in order to try and help, we are going to look at where the community appears to be as far as an iOS 12 jailbreak goes.

The Current Jailbreak Situation

Currently, pre-iOS 12, jailbreaking is actually in a relatively positive position. In the last twelve months, we have seen a lot of jailbreak-based activity, which initially resulted in Electra being released for early versions of iOS 11 and then subsequently expanded, on the back of a new vulnerability release, to support devices running all the way up to iOS 11.3.1. Those same vulnerabilities have been patched by Apple in iOS 11.4 and beyond, meaning that iOS 11.3.1 is the furthest that Electra support goes for production firmware, but even that is enough to class jailbreaking on iOS 11 as a success given the circumstances.

Apple’s Cat and Mouse Game

Apple doesn’t want iOS 12 to be jailbroken. In fact, Apple doesn’t want iOS jailbroken full stop, but according to recent tweets by developer @nullriver, it seems that the company is putting at least some effort into trying to make iOS 12 harder to liberate. With iOS 12, Apple has introduced the CoreTrust framework, which is tasked with checking and verifying all code signatures to ensure that they come directly from Apple. There has also been work carried out under the hood to make sure that iOS 12 works in conjunction with the new A12 Bionic chip to make things harder for jailbreakers. These are not show-stopping changes to the platform, but they are certainly enough of an effort on Apple’s part to signal the company’s intent and to at least have developers performing in-depth research.

iOS 12 Jailbreak Timeline

Well, friends, that’s a wonderful question and one that is entirely easy to answer! Since June, when the first developer preview of iOS 12 was released, developers and security researchers with an interest in jailbreaking and cracking security have been hard at work on iOS 12. And, much to the delight of the community, some of that work has resulted in positive progress being shared publicly. So, let’s have a recap:

Should Jailbreakers Update To iOS 12 Today?

We’ve had very public acknowledgments that jailbreak developers are actively working on the platform. We’ve had the discovery of multiple 0-day bugs within iOS 12. And we’ve had developers with jailbreak pedigree actively working on iOS 12 liberation. No one has yet managed to demonstrate an end-to-end iOS 12 jailbreak that could be released to the public, but we think it’s only a matter of time. Still, if you are someone who is jailbroken on iOS 11 and relies a lot on jailbreaking, we suggest staying away from the iOS 12 update for now, until there is confirmation that a public jailbreak is coming soon. We will of course keep you updated on this situation as it develops. Stay tuned for more.



iOS 12 Jailbreak Security Exploit Discovered, Read And Write Privilege Achieved

By | September 8th, 2018

This is the news that Apple definitely does not want to hear ahead of its September 12 event. Not long after @nullriver went public to suggest that iOS 12 could be harder to jailbreak, a group of security researchers has taken to Twitter to confirm that they have achieved kernel read/write access on iOS 12 beta 12.

A security researcher by the name of Simone Ferrini has taken to Twitter to confirm that he and his colleagues have managed to pwn iOS 12 beta 12, which is the latest beta release by Apple ahead of an upcoming Golden Master seed of iOS 12.

The tweet was qualified with the fact that the team has achieved “Kernel Memory R/W” with the work undertaken, so it’s important to keep in mind that this is not a full and final jailbreak for Apple’s iOS 12 platform. Kernel read/write is, however, a very important component of what could potentially become a public jailbreak.

The tweet also tagged two additional developers and security researchers as being part of the process, both of whom presumably work for, or are affiliated with, the same TRUEL IT company that is tagged in Ferrini’s Twitter biography. As is standard practice these days, there is also a video attached to the tweet that is designed to show off the work undertaken; it shows an iPhone connected to a terminal session and confirms that the team has achieved exactly what it is claiming.

As is always the case with this type of work and revelation, it’s worth taking it all with a pinch of salt until something definitive and useful to the community comes from it. Security researchers who are publicly affiliated with a company are more often than not performing the work and showing it off as part of a bigger picture.

This can sometimes be part of an official bug bounty program to earn the company money, or simply a way to show off the capabilities of the individuals who work at the business. It’s rare that these bugs and vulnerabilities actually turn into a public jailbreak, at least at the hands of the individuals who found them.

If this turns into anything additional we will be sure to let you know with immediate effect.

(Source: @Simone_Ferrini [Twitter])



How To Change Root Password After Electra Jailbreak And Why You Should Do It Now

By | August 3rd, 2018

If you’re new to the jailbreaking scene, then you may be forgiven for not knowing some of the intricacies of something that could potentially open your iPhone or iPad to security threats. It’s something that anti-jailbreaking people like to throw at the jailbreak community without always knowing the ins and outs of the situation, and although there is a modicum of truth to their complaints, there is one easy way of making your device a little more secure.

We’re talking about the root password of your device. Every iOS device ships with the same default root password, and once a device is jailbroken, that account is exposed more than we would like, so changing the password is a sensible security measure for anyone post-jailbreak.

Thankfully, going through the process of changing a device’s root password is not a complicated one although if you are not familiar with the process, then there is room for confusion. Here we’re going to run through the steps needed in order to make sure you’re all set up, changing your root password to something unique that only you will know.

Let’s get started shall we?

Step 1: On your newly jailbroken iOS device, open Cydia and search for “newterm2” before installing it.

Step 2: Open up newterm2, which is essentially a terminal app for iOS, and type “su” without the quotes before hitting return.

Step 3: Enter the default root password, which is “alpine” (again, without the quotes). This is the same for all iPhone, iPad, and iPod touch devices.

Step 4: Next, type “passwd” without quotes and press return.

Step 5: Enter a new password and press return.

Step 6: Re-enter the same password. Press return again.

Step 7: Make sure you don’t forget that new password!

That’s all there is to it. Your iPhone or iPad now has a secure password and, importantly, it is not the same one as every other iOS device.
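As an added example (not part of the article), a small Python audit that parses a BSD-style master.passwd file and flags accounts that can still log in with the default or an empty password. The DES-crypt hash constant for “alpine” is an assumption to confirm against your own device, and the sample file below is constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List

# Assumed DES-crypt hash of "alpine" (salt "/s") as shipped in iOS /etc/master.passwd.
# Treat as a hypothetical constant: confirm it against your device before relying on it.
DEFAULT_ALPINE_HASH = "/smx7MYTQIi2M"

# Shells that cannot start an interactive session; accounts using them are skipped.
NON_LOGIN_SHELLS = ("/usr/bin/false", "/bin/false", "/sbin/nologin", "")

# Constructed sample in BSD master.passwd layout:
# name:hash:uid:gid:class:change:expire:gecos:home:shell
SAMPLE_MASTER_PASSWD = """\
# comment lines and blank lines are ignored
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
guest::201:201::0:0:Guest:/var/empty:/bin/sh
"""


@dataclass
class Account:
    name: str
    pw_hash: str
    uid: int
    shell: str


def parse_master_passwd(text: str) -> List[Account]:
    """Parse master.passwd text; reject malformed lines instead of guessing."""
    accounts: List[Account] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError(f"line {lineno}: expected 10 fields, got {len(fields)}")
        accounts.append(Account(fields[0], fields[1], int(fields[2]), fields[9]))
    return accounts


def audit_default_passwords(text: str,
                            default_hash: str = DEFAULT_ALPINE_HASH) -> Dict[str, str]:
    """Return {account: reason} for login-capable accounts that still need a password change."""
    findings: Dict[str, str] = {}
    for acct in parse_master_passwd(text):
        if acct.shell in NON_LOGIN_SHELLS:
            continue  # cannot log in interactively, so the hash does not matter here
        if acct.pw_hash == default_hash:
            findings[acct.name] = "default password (alpine)"
        elif acct.pw_hash == "":
            findings[acct.name] = "empty password"
        # "*" and other locked markers are fine: no password will ever match them
    return findings


if __name__ == "__main__":
    import sys
    # With a path argument, audit a real file (needs root, e.g. after "su" in newterm2);
    # without one, run against the constructed sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MASTER_PASSWD
    for name, reason in audit_default_passwords(data).items():
        print(f"{name}: {reason}")
```

On a jailbroken device, /etc/master.passwd is readable only by root, so run the script from the su shell described above; an empty result means every login-capable account has been changed from the default.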



How To Keep Deleted WhatsApp Messages On iOS [No Jailbreak Required]

By | July 29th, 2018

Some people love the fact that Facebook-owned WhatsApp now has the ability to delete messages and sent media. Others, however, think it’s a terrible idea and still want to see everything that has been sent without fear of missing out.

Well, we have some good news and are here to let you know that if you fall into the latter bracket of individuals then it’s entirely possible to prevent content from being deleted on the iOS platform. Now that we have your interest piqued, let’s dive right in and take a look at the process.

Step 1: You are going to need a few things to get started. First of all, you will need to download the Watusi-for-WhatsApp IPA file. This is essentially a “WhatsApp++” type app that modifies the WhatsApp experience. There are two versions available, depending on whether you want to overwrite the original WhatsApp or have this installed as a duplicate. Head over to the app’s GitHub page here to download the latest version of your choice, and then follow the instructions here on how to install it.

Step 2: Now that you have your chosen IPA, you are going to need to download the Cydia Impactor tool in order to sideload the IPA to your connected iOS device. If you don’t have it, you can grab it from here.

Step 3: Connect your iPhone to your PC or Mac and run Cydia Impactor. When the device is connected, drag the Watusi-for-WhatsApp IPA onto the Cydia Impactor interface.

Step 4: When prompted, enter your Apple ID and password. Remember, if this Apple ID is not associated with a paid Apple Developer account, then you will have to re-sign the app every 7 days.

Step 5: Wait for the Watusi-for-WhatsApp app to be installed to your device and then head to Settings > General > Profile(s) & Device Management and select the profile associated with this installation. Select Trust and then Trust again.

Step 6: Now, open Watusi-for-WhatsApp and set the app up just like you would with WhatsApp. Select Settings > Watusi Preferences > Chat Add-ons and then make sure that Keep Contacts Revoked Messages is toggled to the ON position.

And voila! There you have it. Now, when a contact deletes messages or sent media, including photos and videos, they will still be visible on your Watusi-for-WhatsApp installation.



iOS 11.3.1 Jailbreak Detection Bypass App Libertas Works For 90+ Apps, Coming Soon

By | July 25th, 2018

After announcing that there will be a new jailbreak detection thwarting mechanism on the way soon, the folks behind the Electra jailbreak have been beavering away to get the building blocks in place to allow users to keep using apps that would normally not work on jailbroken devices.

Now we have new confirmation from one jailbreak developer that something is in the pipeline, and it’s called Libertas.

Announced via Twitter, Libertas apparently targets no fewer than nine different techniques that apps use to check whether an iPhone or iPad is jailbroken. Libertas has been tested on more than 90 apps, which should mean it has a fairly decent chance of making your favorite app work, something that not all anti-jailbreak-detection options manage.

For those unfamiliar with jailbreak detection, it’s a mechanism that allows apps to tell whether a device is jailbroken and then refuse to run if that is the case.

This is mostly used by financial apps like those that your bank may offer, but some games including Fortnite are also using jailbreak detection as a way of trying to prevent cheaters from taking over games. With something like Libertas in effect, this may no longer be viable.

According to developer Umang Raghuvanshi, Libertas will arrive this coming Friday, which means we will know more in a couple of days.

If you’ve been stuck unable to use a vital app or play a favorite game on your jailbroken iOS device, then this may just be the answer to your prayers.

We’ll know more this Friday.

(Source: Umang Raghuvanshi [Twitter])



iOS 11.4.1 To iOS 11.4 Beta 3 Downgrade No Longer Possible For Jailbreak

By | July 18th, 2018

Cupertino-based Apple Inc. has officially stopped signing its iOS 11.4 firmware approximately one week after releasing iOS 11.4.1 into the public domain. The move means that device owners are no longer able to downgrade from iOS 11.4.1 to another version of Apple’s mobile firmware.

The majority of iPhone and iPad owners who have been within Apple’s ecosystem for a decent period of time will be well aware of Apple’s commitment to continually updating and releasing new versions of iOS.

Tim Cook’s company dropped iOS 11.4.1 last week, containing a plethora of bug fixes, under-the-hood enhancements, and overall improvements that should stabilize and correct any issues found with the iOS 11.4 release. With that release now finding its way onto devices around the world, Apple has decided to stop signing iOS 11.4 final as well as iOS 11.4 beta 3, which will really only have a large effect on would-be jailbreakers looking to downgrade.

Most iOS device owners will see a new version of iOS, choose to upgrade as per Apple’s prompt, and then never look back. However, where jailbreaking is concerned, it’s always a wonderful situation if device owners have the opportunity to roll back their firmware should they need to do so. And with the Electra jailbreak supporting iOS 11.4 beta 3, some would-be jailbreakers have been taking the opportunity to take that backward step and liberate themselves using the aforementioned jailbreak. This internal decision by Apple relating to iOS 11.4 has now put an immediate stop to that process.

For those who aren’t interested in a jailbreak then iOS 11.4.1 is definitely an installation worth having. Apple introduced a number of new features with the release of iOS 11.4, including Messages on iCloud and AirPlay 2, which works harmoniously with updated HomePod hardware. iOS 11.4.1 doesn’t expose brand new features but it does do a very good job of streamlining that iOS 11.4 release and ensuring that iPhone, iPad, and iPod touch owners get the best possible experience across all supported hardware.

iOS 11.4.1 could also be the last version of iOS 11 to be released into the public domain ahead of an official public release of iOS 12. Apple is currently testing iOS 12 with developers and public testers. The next major release as far as Apple’s mobile platform is concerned could be the first public unveiling of iOS 12 this coming September.



More Details On Sileo Cydia Replacement / Alternative For Electra Jailbreak Emerge

By | July 18th, 2018

New information on the Cydia replacement that is set to be bundled with newer versions of the Electra jailbreak has emerged. Dubbed Sileo, the app will install alongside the upcoming Electra jailbreak update as a total Cydia replacement and will remove the need for additional fixes and hacks to be included to keep Cydia functional.

Until now, little information has actually been pushed out into the public domain as far as Sileo is concerned. We’ve learned that the app is a work in progress and that it has been designed to fully replace Cydia going forward on all future Electra jailbreaks.

We’ve also had a quick glimpse at the initial user interface for the app running on an iPad and have seen the adding of new repositories functionality in operation. As mentioned at the time, this process will be extremely familiar for anyone who has worked with Cydia previously.

Now, developer CoolStar has taken to Twitter to give some additional information on payments and how they will work across the Sileo platform and including various repositories. In short, the developer has confirmed that any repository will be able to handle commercial packages and take payments from users and that additional API documentation will be released in due time to enable owners of those repositories to set up that flow:

any repo will be able to handle paid packages through Sileo. API documentation will be available once Sileo is released.

He also confirmed that repositories will be able to use a “standardized API to present package price, purchase status, and handle payments seamlessly,” meaning that users should expect a uniform purchase and payment process throughout Sileo, regardless of what they are purchasing or which repository the purchase points to. This is all good news and gives package and tweak developers the comfort that payments will still be taken and handled once the comfort zone of Cydia is removed.

It is definitely good news to see more information about Sileo filtering through into the public domain. However, what the community really wants is an indication of when Sileo will actually be released and when we can expect to see a fully functional version of it in the real world.

(Source: @coolstarorg [Twitter])
