iOS 11.4 and 11.4.1 Jailbreak Update
Misconceptions and the TRUTH about Unc0ver
Jailbreak iOS 11.4 (Public) Updates – On the heels of the iOS 11.3.1 and 11.4 beta jailbreak, new (false) rumors have cropped up. With the public eager to jailbreak the latest firmwares, fake information has recently circulated concerning 11.4. Let’s discuss the possibility of an iOS 11.4 (public) through iOS 11.4.1 jailbreak.
First, we need to understand the “news” in question. There are essentially two different stories that have been combined into one.
Update: New Sandbox Escape
Security researcher Min (Spark) Zheng recently confirmed that he has a new sandbox escape exploit for iOS 11.4. Before you get too hyped, remember that a sandbox escape is only one of the pieces a jailbreak requires: it gets code out of the app sandbox, but it does not by itself provide the kernel exploit every jailbreak depends on. Watch the video above for a complete breakdown of the latest news.
iOS jailbreak internals (2): Escaping sandbox using callbacks on iOS 11.4: https://t.co/xCsd107VrK More cases will be talked in #DEFCON26 pic.twitter.com/RT6xtb9Fbq
— Min(Spark) Zheng (@SparkZheng) August 9, 2018
Updated on 8/10/18 at 8:20am
Part 1: New Exploits
I’ll be presenting “Crashing to root: How to escape the iOS sandbox using abort()” at @bevxcon this September. I’ll show how to exploit CVE-2018-4280, fixed in iOS 11.4.1, by crashing maliciously in order to elevate privileges, defeat codesigning, and spawn a shell on iOS 11.2.6. pic.twitter.com/tRxLqD55fY
— Brandon Azad (@_bazad) July 30, 2018
Back on July 30th, security researcher Brandon Azad posted a video and a quick write-up on Twitter. The video was a brief sandbox escape demo using CVE-2018-4280, run on an iPhone 7 (on iOS 11.2.6, per his tweet).
According to Apple’s iOS security update page (linked here), CVE-2018-4280 has the following impact: “An application may be able to gain elevated privileges”. Pretty solid stuff, right? Unfortunately, this single exploit is nowhere near enough to create a full-fledged jailbreak: escaping the sandbox and elevating privileges in userland is a different problem from getting the kernel read/write access that a jailbreak needs. Furthermore, Azad himself has said that he won’t be detailing the bug until beVX Con 2018 (a security conference), which takes place toward the end of September.
Part 2: Pwn20wnd’s iOS 11.3.1 – 11.4 Jailbreak
The next story that people are merging with the first comes from former Electra Team member Pwn20wnd. Without delving into the drama between Pwn and Coolstar (the leader of the Electra Team), Pwn may be releasing his own jailbreak. Having made waves recently with very cryptic tweets, Pwn originally said the following:
Would you like a brand new *completely* open source jailbreak for the modern iOS that would be written from the ground up? It would also be drama free and welcome to any contributor.
— Pwn20wnd (@Pwn20wnd) July 18, 2018
Following that, Pwn was allegedly quoted in a Discord chat room as saying that he’ll release a jailbreak by the name of unc0ver.
Two reports and the misconception
This is where things get interesting. Select reports have stated that, because the exploit Azad discovered was patched in 11.4.1, it should work on the public version of 11.4. What’s more, the quantum leap has been made that, in light of this, Pwn’s jailbreak will work on the public version of 11.4. The first part of that assumption isn’t a leap at all (though it’s a little strange that Azad himself is demoing it on 11.2.6 rather than 11.4, both in his video and at beVX Con), but the second part is an entirely different story.
Remember when we said that Azad’s exploit alone (and even the second CVE disclosed by Azad) wasn’t enough to either update an existing jailbreak or create a new one? That still very much holds true. A sandbox escape is only a small piece of the puzzle; the kernel exploit is the piece that is missing.
More on Unc0ver Jailbreak
This basically means that Cydia will soon be as stable as any other package manager! https://t.co/ijnzGL7iMC
— Pwn20wnd (@Pwn20wnd) August 6, 2018
Furthermore, if Pwn’s unc0ver jailbreak is released, it will likely support the same firmwares Electra does, namely iOS 11.2 through 11.3.1 and iOS 11.4 betas 1 – 3. He has also stated that unc0ver will have a heavy focus on Cydia as the primary third-party package installer, but don’t get your hopes up just yet. If it’s ever released, unc0ver is still a ways off.
A new Jailbreak after Electra?
As I’ve said in past jailbreak updates, we likely won’t get a new jailbreak for the latest firmwares until after iOS 12 is released this fall. While it’s true that the only reason Electra exists is that a previously disclosed exploit was patched in 11.4, that exploit was a kernel bug, fundamentally different from the sandbox escapes Azad has described. So it’s an entirely different situation from what we have today. Electra relies on a low-level kernel exploit, as do all jailbreaks, and a sandbox escape on its own does not supply one. Additionally, Coolstar and the Electra Team had to do an extraordinary amount of work to turn that kernel exploit into a functional jailbreak ready for public release.
So there you have it: there almost certainly won’t be a jailbreak that functions on firmwares past iOS 11.3.1 and the 11.4 betas until after iOS 12’s release. While it’s certainly a bummer that these rumors aren’t true, at least there’s a flurry of activity on the jailbreak scene. Jailbreaking is far from dead! We’ll keep you updated any time anything changes; just be sure to follow us on social media.
Any news on an untethered jailbreak…even back to iOS 10.2??