iOS 10.3.1 Jailbreak Exploit Announced by U.S. Security Researcher, August Release for Source Code

Now that Pangu appears to be out of the picture with its iOS 10.3.1 jailbreak, which the team is rumored (unconfirmed) to have sold to Apple Inc. for a bug bounty of $1.25 million, another iOS 10.3.1 jailbreak exploit is in the works. It is expected to be released, as source code with instructions rather than as a ready-made tool, around the end of August 2017.

RELATED: The Whole Truth About Pangu’s iOS 10.3.1 Jailbreak, and the Future of Jailbreaking

According to a tweet by security researcher Adam Donenfeld, a kernel privilege escalation exploit has already been written, and the exploit for iOS 10.3.1 will be released during “conference season”.

The tweet references two hashtags: #zimperium, the mobile security company Donenfeld works for, known for its mobile threat detection products; and #hitbgsec (HITB GSEC), a deep-knowledge security conference being held in Singapore from 21 to 25 August 2017.

Yup, that means a really long wait. But the question is: can we trust this source?

First of all, the security researcher in question, Adam Donenfeld, is followed on Twitter by Luca Todesco (@qwertyuiop), the well-known Italian security researcher who developed the Yalu102 jailbreak. That should count for something. Donenfeld himself works for Zimperium, a well-regarded mobile security company with investors including Samsung, Telstra and SoftBank, and with clients among multinational telcos, financial services companies and social networks.

Second, Donenfeld has reported no fewer than eight kernel privilege escalation bugs to Apple, all of which Apple has now patched in iOS 10.3.2. Presumably the exploit written for the iOS 10.3.1 jailbreak targets one of these bugs, which were still unpatched when iOS 10.3.1 shipped. Since the fixes landed in iOS 10.3.2, any jailbreak based on this exploit will not work on that firmware or later.

Here are the eight bugs in question, credited to Donenfeld in Apple’s security release notes for iOS 10.3.2, where they are listed as fixed:

iOS 10.3.2
Released May 15, 2017
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6994: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6995: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6996: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6997: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6998: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6999: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Entry updated May 17, 2017
==================================================
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-6979: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Entry updated May 17, 2017
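To check the “eight kernel bugs” claim against Apple’s own release notes rather than taking the count on trust, here is an added example (written for this article, not code from Apple, Zimperium or Donenfeld) that parses advisory entries in the plain-text layout quoted above and tallies the CVEs credited to a researcher, broken down by component and by impact. The advisory text embedded in it is the excerpt reproduced above; the entry layout it assumes (a component name line followed by “Available for:”, “Impact:”, “Description:” and one line per CVE) is the one visible in that excerpt.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample input: the two iOS 10.3.2 advisory entries quoted in the
# article, in the plain-text layout Apple's security release notes use.
ADVISORY = """\
iOS 10.3.2
Released May 15, 2017
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6994: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6995: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6996: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6997: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6998: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CVE-2017-6999: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Entry updated May 17, 2017
==================================================
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-6979: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Entry updated May 17, 2017
"""

CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,7}):\s*(.*)$")
HANDLE = re.compile(r"@(\w+)")


@dataclass
class Entry:
    """One component entry from an Apple security release note."""
    component: str
    available_for: str = ""
    impact: str = ""
    description: str = ""
    cves: dict = field(default_factory=dict)  # CVE id -> credit line


def parse_advisory(text):
    """Split advisory text into Entry objects.

    A new entry begins at each "Available for:" line; the component name is
    the non-empty line immediately before it. Separator lines, the release
    header and the "Entry updated" trailer carry no data and are skipped.
    """
    entries = []
    current = None
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Available for:"):
            current = Entry(component=prev,
                            available_for=line.split(":", 1)[1].strip())
            entries.append(current)
        elif current is not None and line.startswith("Impact:"):
            current.impact = line.split(":", 1)[1].strip()
        elif current is not None and line.startswith("Description:"):
            current.description = line.split(":", 1)[1].strip()
        elif current is not None:
            m = CVE_LINE.match(line)
            if m:
                current.cves[m.group(1)] = m.group(2)
        prev = line
    return entries


def cves_credited_to(entries, researcher):
    """Sorted CVE ids whose credit line mentions the researcher's name or handle."""
    return sorted(cve for e in entries
                  for cve, credit in e.cves.items() if researcher in credit)


def kernel_privesc_by_component(entries, researcher):
    """Per-component count of kernel-privilege CVEs credited to the researcher."""
    counts = Counter()
    for e in entries:
        if "kernel privileges" not in e.impact:
            continue
        n = sum(1 for credit in e.cves.values() if researcher in credit)
        if n:
            counts[e.component] += n
    return dict(counts)


def handles_in(entries):
    """Set of Twitter handles appearing in the credit lines."""
    return {h for e in entries for credit in e.cves.values()
            for h in HANDLE.findall(credit)}


if __name__ == "__main__":
    parsed = parse_advisory(ADVISORY)
    print(cves_credited_to(parsed, "Donenfeld"))
    print(kernel_privesc_by_component(parsed, "Donenfeld"))
```

Run against the excerpt, the parser yields seven kernel-privilege CVEs under AVEVideoEncoder and one under IOSurface, all credited to @doadam, which is the eight the article counts. The same parser works on any other entry pasted from Apple’s release notes in this layout, so it is a quick way to check which of a researcher’s bugs were fixed in a given release before deciding whether a firmware is still exploitable.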

Third, to be clear, Donenfeld is not going to compile or release a jailbreak himself. He is going to publish the exploit’s source code and instructions so that other security researchers can build a jailbreak tool on top of it.

Fourth, the exploit is said to work on iOS 10.2 through iOS 10.3.1, and it possibly works on the iPhone 7 as well; Donenfeld neither confirmed nor denied that when asked. That means a compiled jailbreak based on this exploit should run on most 64-bit iPhones, hopefully including the iPhone 7, and should in principle work on iOS 10.2, 10.2.1, 10.3 and 10.3.1.

Fifth, if you are still on iOS 10.3.1, save your SHSH2 blobs before Apple stops signing it, which could happen any day now. As of today, May 24, Apple is still signing iOS 10.3.1, so if you have not saved your blobs, do it now. Blobs are tied to your device’s ECID, so save a set for every device you own. If you have already moved to iOS 10.3.2, downgrade to 10.3.1 while it is still being signed and save the blobs for your device; once signing stops, neither the downgrade nor saving new blobs is possible. This jailbreak exploit will not work on iOS 10.3.2.

RELATED: How to Save Your SHSH2 Blobs in Three Simple Steps

Sixth, rule of thumb: whenever Apple releases a new iOS version, save the SHSH2 blobs for your device for that firmware while Apple is still signing it. They could come in handy later, and you cannot save them retroactively.

So for now we save our blobs and sit tight until the exploit’s source code is released in August. Once it is available, another researcher is bound to build a jailbreak tool from it. Going by the timeline, an iOS 10.3.1 jailbreak based on this exploit will arrive in September at the earliest, by which time Apple will be fully focused on the iPhone 8 launch.

Fingers crossed.
