Yesterday, at MOSEC 2017, Liang Chen of KeenLab, the security wing of Chinese Internet giant Tencent, demonstrated a working jailbreak for iOS 11 Beta 2, a build that had been released to developers less than two days earlier. How did the security researcher have a jailbreak ready so quickly? More importantly, what are the implications for the iPhone 8, which comes out later this year running the final public version of iOS 11?
Jailbreaking a hardened operating system like iOS 11 is extremely difficult. The fact that Liang Chen had a working jailbreak for a beta that had been out for only two days can only mean one thing: the exploit was written for a flaw that carried over from iOS 11 Beta 1, or possibly even from iOS 10.3.x or earlier. Nobody finds and weaponizes a new kernel bug in two days; the bug was already known to the researchers and simply survived into the new build.
It is not unusual for a jailbreak developer to hold back a KPP bypass for use in a later jailbreak tool. A Kernel Patch Protection bypass is very hard to come by, so it is not a stretch to assume that this particular one was developed a while ago and is only being showcased now, on iOS 11 Beta 2, because the underlying flaw still exists there.
That also means this flaw could remain unpatched as Apple goes through several more beta iterations of iOS 11. The implications for the iPhone 8 are therefore profound: iOS 11 could ship on the iPhone 8 with a jailbreak tool already waiting to be used on it.
That is a tremendous development in a currently bleak jailbreak landscape. In fact, it could be the first time that a jailbreak has been demonstrated for a yet-unreleased version of iOS. I could be wrong, though. A lot of jailbreaks over the years may have been developed before the final OS release, but were only published afterwards.
What generally happens is that, when a jailbreak is released, Apple analyzes the tool, identifies the bugs it relies on, and patches them in the very next iOS update. That scenario has played out many times over the past ten years.
This time, however, if Apple cannot identify the flaw behind this iOS 11 jailbreak before the release, it will ship iOS 11 knowing that it can be jailbroken the moment an iPhone 8 is purchased or an older device is upgraded to iOS 11.
That’s huge! But now for the downer:
This particular iOS 11 jailbreak may never be released to the public. A demo at a conference does not mean a generally available jailbreak tool will follow. We learned that from the Pangu iOS 10.3.1 jailbreak, which still has not been released after being showcased in late April this year at the Janus mobile security conference.
But we can still hope. Liang Chen demoed not only the iOS 11 Beta 2 jailbreak but also another jailbreak for an iPhone 7 running iOS 10.3.2. We are hoping that this one, at least, will be made publicly available soon, since iOS 10.3.2 has already shipped and Apple cannot change it after the fact. The most Apple can do is stop signing 10.3.2 once 10.3.3 is released, so anyone who wants to use such a tool would have to stay on 10.3.2 and not update.
Another possibility is that Liang Chen and KeenLab are waiting for iOS 10.3.3 to come out of beta before releasing anything, but that is speculation.
Whatever happens, this has been a great day for iOS jailbreaking. Not one but two major jailbreaks have been demoed, so at least we know they exist. The jailbreak community can feed on that momentum for a while, even if it also means continuing to wait on Pangu's iOS 10.3.1 jailbreak.