Luca Todesco Releases iOS 12.1.4 WebKit Exploit

Luca Todesco is back with a bang! After a period of relative quiet, the Italian developer and hacker has made an unannounced comeback into the jailbreak world by taking to Twitter to drop a WebKit RCE exploit which works with iOS 12.1.4 and below.

Todesco is one of those well-known individuals in the jailbreak community who has moved from tweak development to exploit research and then ultimately onto producing fully-fledged jailbreaks using his own work as well as the discoveries of others, as evidenced by the wonderful Yalu jailbreak for Apple’s iOS 10 platform.

Since then, he has popped his head above the parapet every now and then but we haven’t really seen anything significant materializing from him. Until now, that is!

https://twitter.com/qwertyoruiopz/status/1098642526041444354

In true “phoenix from the flames” fashion, Todesco has thrown a hand grenade into the jailbreak community via Twitter with the release of what he is calling a “1day webkit RCE.” This essentially means that the bug allows remote code execution to take place in web browsers, which, as we should all know by now, this could potentially open the door for another JailbreakMe-esque experience.

We say could in this instance because there are multiple moving parts and requirements in a jailbreak of this nature. Todesco has done some of the work and pushed that out into the public domain. It now requires someone to hopefully pick that up and see if it can be turned into something tangible.

For those new to the jailbreak world, the original JailbreakMe experience was pulled together by the legendary comex and allowed a device owner to visit a specific website through Mobile Safari on the device and have the jailbreak payload injected via the web. This meant that there was no requirement from an app to be installed on the device and no signing or certificates required from the user’s perspective.

Interestingly, Todesco has also confirmed that this bug was only fixed three days ago by Apple, which means that it should work on devices running Apple’s latest released – iOS 12.1.4 – and below. There is a lot of positivity at the moment in the jailbreaking world, not only thanks to this announcement but also the hard work going on behind the scenes from Pwn20wnd and team to try and bring full iOS 12 support to unc0ver.

You can check out his work over here.

Leave a Reply