Ian Beer’s iOS 11.1.2 exploit released and v0rtex exploit (=>iOS 10.3.3) ported to iPhone 7 and 32-bit devices, gets tfp0 access and sandbox escape!
Until a few days ago, the iOS jailbreak seemed like it was almost going to die as there wasn’t much to look forward to. Yet, in a couple of days, thanks to dedicated hackers like Ian Beer and S1guza, the jailbreak scene has come back to life! This article is here to give you all the necessary information in a concise manner without having to dig around /r/jailbreak and other sites.
Ian Beer releases his iOS 11.1.2 exploit that gives tfp0 access
Less than a week ago, Ian Beer tweeted on his newly created Twitter account that he had an exploit for iOS 11.1.2 (patched in iOS 11.2) that grants the user tfp0 access. Tfp0 (task for pid 0, the kernel task port) is said to be about 80% of a jailbreak, as it gives the user the ability to run code with kernel privileges (the highest privilege level code can run at).
Ian Beer has now released his exploit to the public so that other talented developers can build on it, so that a full jailbreak or some other type of hack becomes available to the general public. Lately, Jonathan Levin (@Morpheus______) seems to have become quite interested in exploiting iOS 11.1.2, so maybe he’s on to something! He has also mentioned that the Apple TV has a good chance of getting pwned, as he wishes to update LiberTV to work on tvOS 11.x, since Ian Beer’s exploit works on tvOS 11.x (versions based on iOS 11.1.2 or lower) as well! If you want a jailbreak, you should really downgrade to iOS 11.1.2 if you’re on iOS 11.2.
v0rtex now works on 32-bit devices, gets tfp0 access and can escape sandbox
S1guza has developed his v0rtex exploit further so that it now gets tfp0 access and can escape the sandbox, which means that a jailbreak is even closer than before!
Apart from this, the v0rtex exploit now supports the Apple A10 (presumably A10X devices too?), which means that the iPhone 7 (and 7 Plus) stands a good chance of getting jailbroken on iOS 10.3.3 (or below) soon!
Tihmstar (a major contributor to Phoenix and creator of Etason JB, among other feats) has got v0rtex (presumably together with s1guza) to work on Apple A6 (32-bit) devices. This means that the iPhone 5/5C and the iPad 4 will probably be jailbroken for life pretty soon!
Conclusion
If you wish to read more about these recent updates, visit the links below. Make sure to downgrade to iOS 11.2 from iOS 11.1.2 while it’s still being signed (probably won’t be signed for too long) and stay on iOS 10.3.x if you want a jailbreak! As always, don’t ask for ETAs!
Ian Beer’s bug report (+ exploit download link if you think you can get it to work): https://bugs.chromium.org/p/project-zero/issues/detail?id=1417#c3
Tweet about S1guza’s exploit working on the iPhone 7 (A10): https://twitter.com/s1guza/status/940075084353380354
Tweet about tihmstar getting v0rtex to work on 32-bit (A6) devices: https://twitter.com/tihmstar/status/940751131709292545
Instructions to downgrade to iOS 11.1.2 from iOS 11.2 without restoring: https://www.reddit.com/r/jailbreak/comments/7hqyyh/upcoming_ios_1112_tfp0_exploit_by_ian_beee/dqtt5z5/
FIRST!
I’ve saved my shsh blob with the jailbreak bot to go back to 11.1.2 when needed.
Is this enough, or only until they block the signature?
PLS write about PS3 homebrew instead of iOS, there are lots of things to write about PS3 hacks, but you guys pay almost no attention to them.
like what?
Don’t see the point in jailbreaking anymore. What’s the benefit nowadays?
I mostly use it for small tweaks and stuff like that 🙂
How about being able to send any app to a CarPlay head unit? That’s a reason. I want Waze on CarPlay! Also, I have a 32-bit app that cost $300.00 8 years ago. I use it every day to control a $15K+ whole-house audio system. The app will never be updated, so unless I am willing to forgo that app, I am “stuck” with 10.3.3. Jailbreaks would let me put a lot of iOS 11 features on an iOS 10 phone. So… Best of both worlds. There are still reasons to jailbreak!
We need more Android hack news also, Xposed Framework modules, Kali 2, PandwaRF, etc…
I am on iOS 8.1 jailbroken. I have my shsh2 blobs for 11.1.2. Will I be able to downgrade back to iOS 8.1 somehow if I don’t like iOS 11.1.2? I do not have any blobs for my iOS 8.1.
Without the shsh blobs for 8.1, once Apple stops signing a firmware, you can’t install it anymore.
Thanks for the article! I really appreciate the occasional iOS news, even though that’s not the focus of this site.
And I think this should be the other way round: “Make sure to downgrade to iOS 11.2 from iOS 11.1.2 while it’s still being signed”
😉
Or if you saved the SHSH blobs for that system software. It’s good practice to save the new ones every time Apple releases a new system update. This way you can always downgrade to an exploitable version even if Apple isn’t signing it.
I use https://tsssaver.1conan.com to save mine. It can even check to make sure the blobs are valid and it works on any OS.
“Ian Beer’s bug report (+ exploit download link if you think you can get it to work)”
The link worked just fine without a hitch at least for me. Anyone need a mirror to the file?