iOS Jailbreaking: iOS 12.2 is now jailbroken with unc0ver thanks to nedwill’s release of his tfp0 bug!
In many hacking scenes, there’s a constant cat and mouse game going on with vulnerabilities being patched as soon as possible to thwart hacks and jailbreaks from being released. Now, the proverbial cat in the iOS jailbreaking scene has caught up a tad further as iOS 12.2 (and 12.1.3/4) are jailbroken thanks to nedwill’s tfp0 exploit!
What’s a tfp0 exploit? What got released?
For quite a while, Ned Williamson (@nedwill on Twitter) has been working on obtaining tfp0 (task at pid0; it allows code to be run with kernel privileges) via CVE-2019-8605 which is a bug that iOS 12.3 fixed. Then, on 28th June, he tweeted that he was successful in getting tfp0 on an iPhone 6S+ running iOS 12.2 which raised hope for an imminent iOS 12.2 jailbreak.
Finally, 16 hours ago, he made his Sock Puppet exploit public which ignited the race for the first iOS 12.1.3-12.2 jailbreak. Fast forwarding about an hour, pwn20wnd released unc0ver 3.3.0 Pre-Release which comes with support for jailbreaking iOS 12.1.3 to 12.2 (together with iOS 11.0+ support) after doing some testing a few days ago via Corellium’s virtualisation service.
Which devices are supported? Should I update now?
As of right now, details are still developing but some main points have been established which are:
- In its current form, the Sock Puppet exploit supports Apple A9-A11 devices which are referred to as non-PAC 16K devices
- Initially, it was thought that Apple A7/A8 devices (4K devices) were also supported but the exploit appears to be broken on these. Pwn20wnd has promised that he’ll look into it and it will hopefully be fixed similar to what happened with voucher_swap a few months back.
- As of right now, it doesn’t support Apple A12 devices as they have PAC so further work will be required for these to be jailbroken on iOS 12.1.3-12.2
- Chimera, a rival jailbreak to unc0ver which supports all devices on iOS 12.0-12.1.2, will soon be updated with support for iOS 12.1.3-12.2 through the Sock Puppet exploit on A7-A11 devices.
- There will be no support for A12 devices just yet although it’s recommended that those on A12 devices running iOS 12.1.3-12.2 don’t update as support might be added at a later date
- The exploit supports iOS 12.1.3 to iOS 12.2, all of which are unsigned and can’t be restored to.
- There’s been no word on whether it supports any iOS 12.3 betas
Regarding updating, it’s recommended to wait a while before updating to iOS 12.2 from a jailbroken version of iOS namely because of two things which are:
- Ongoing testing on the Fortnight bug which affects restores to iOS 12.1.x with the iOS 12.2/3 SEP. It is currently unknown whether a restore to iOS 12.2 with the iOS 12.3.1 (current) SEP is affected by this bug or not
- The bug consists of the inability to get past the lock screen after 2 weeks from the restore date. Apparently, it affects all devices and is only triggered if you have a passcode enbaled (Touch ID/Face ID require a passcode to function so if you have those enabled, the bug will be triggered as well)
- Not all tweaks and tools are updated with support for iOS 12.2 so it’s a good idea to at least wait a week or two before updating. Furthermore, unc0ver 3.3.0 is still in pre-release stage so there’s a higher chance of something going wrong and ending up in a bootloop
- If you decide to update, make sure you have SHSH blobs for iOS 12.2 and your n0nce set in case of any issues occuring!
If you’re on iOS 12.3/12.3.1, you’re out of luck but some developments may occur after iOS 12.4’s release as it will most probably patch some kernel vulnerabilities.
Conclusion
On a concluding note, there’s even more good news relating to iOS jailbreaking as pwn20wnd will be bundling @jakesashacks’ kernel-level jailbreak detection bypass named Shadowize RootFS with unc0ver 3.4.0 which will be released after iOS 12.1.3-12.2 support is stabilised.
Unc0ver 3.3.0 Pre-Release IPA (with support for iOS 12.1.3-12.2): https://github.com/pwn20wndstuff/Undecimus/releases
Pwn20wnd’s Patreon (for donating): https://www.patreon.com/Pwn20wnd
A
U
R
O
Z
E
T
T
Every article, everyday, you return over and over. You are clearly madly in love with her.
The writer of this article is not a her it’s a him.
So then you’re madly in love with him, thanks for clarifying.
wast me that answered you but yeah! i love that torappu! Dehtt loves *it*!