Only last month, well-known Italian iOS hacker and developer Luca Todesco teased a really nifty browser-based jailbreak that appeared to work on iOS 9.3.2.
Although the jailbreak was never released to the public, Todesco says that Apple’s upcoming iOS 10 release closes an important exploit that it relied on.
Apple patches another useful jailbreak exploit
As Todesco, better known as qwertyoruiop, notes on Twitter, iOS 10 closes a very powerful 0-Day exploit that he calls GasGauge, which played an instrumental part in the browser-based jailbreak he showed being installed from the Safari web browser back in May.
https://t.co/P82w2EdL6V – GasGauge double free race condition 0day exploit for iOS 9.3.3b and lower
— @qwertyoruiop@nso.group (@qwertyoruiopz) June 15, 2016
needs a sandbox escape, any uid, gives you arbitrary alloc and free primitives. have fun.
— @qwertyoruiop@nso.group (@qwertyoruiopz) June 15, 2016
For anyone who missed the chance to see the jailbreak in action, it works a lot like the popular jailbreakme website did. You can see it in action below:
Passing the torch
Since the exploit is closed in iOS 10, Todesco appears to have chosen to release the 0-Day exploit to the public in the hopes that a current jailbreak team or hacker will be able to make use of it before it’s too late.
It’s said that the exploit works on iOS 9.3.3 beta and earlier, which means it has the potential to provide a jailbreak to a large number of people who have gone without for so long.
The hacker also notes that iOS 10 put a heavy foot down in security, noting that the first iOS 10 beta not only closes his browser-based jailbreak, but also another jailbreak project he was working on.
so- apple killed both of my jailbreak chains. gasgauge was in one.
— @qwertyoruiop@nso.group (@qwertyoruiopz) June 16, 2016
And that exploit (which I think to be quite complicated and well-thought) was written in 2 or 3 days. I'm super proud of it. R.I.P.
— @qwertyoruiop@nso.group (@qwertyoruiopz) June 16, 2016
I hope it makes anyone realize how hard it actually is to pull this stuff on, considering it's just 1/4th of the deal. Respect devs.
— @qwertyoruiop@nso.group (@qwertyoruiopz) June 16, 2016
There’s no doubt that finding these exploits is a tough job on its own, but you also need the resources to test the exploits on several devices, write a jailbreaking application, and then distribute it to the masses, all while shipping regular stability updates.
It takes a team
Since Todesco, as a one-man team, didn’t have these resources, his decision makes sense, and the hope is that posting the exploit publicly will put it in the hands of someone who does.
Currently, the only two jailbreak teams that have delivered jailbreaks for the most recent iOS firmware versions are TaiG and Pangu, both of which have been very quiet these last several months.
Pangu did release a jailbreak in March for iOS 9.1, but it was heavily criticized for targeting a firmware version that many people weren’t on and that was impossible to downgrade to.
Wrapping up
Will Todesco’s 0-Day exploit soon lead to a public jailbreak for iOS 9.3.3 beta and earlier? No one knows at this point in time, but we can all cross our fingers, can’t we?
One thing we know for sure is that anyone who was working on a jailbreak for iOS 10 probably has to go back to the drawing board. It would seem iOS 10 has a strong focus on software security as Apple continues its active stance against jailbreaking.
Do you think a public jailbreak will launch before the release of iOS 10? Share in the comments!