Today I have some good news for you all – a userland exploit in iOS 10.2.1 has just been discovered. Let’s find out how it could be used for a jailbreak.
How iOS 10.2.1 Userland Exploit Works
Information security research is complicated and time-consuming. Finding exploits in Apple's iOS is like travelling to the moon all by yourself.
This exploit is a reminder that even a hardened system like iOS can still be exploited. Here's how this userland exploit works.
- When an iOS device connects to a server over SSL/TLS, the server presents an X.509 certificate, and the device parses and validates that certificate before trusting the connection.
- The certificate's "nameConstraints" extension can be crafted so that Apple's certificate-parsing code mishandles it.
- It mishandles it because the routine that decodes the extension has a memory-safety bug.
- While decoding, the code allocates a block of memory for that part of the certificate and keeps a pointer to it.
- The block is later freed, but the pointer is kept and used afterwards (a dangling pointer, i.e. a use-after-free).
- An attacker who controls what ends up in the freed memory can turn that stale pointer into execution of unsigned/malicious code.
In short, a server you connect to can serve a crafted certificate over SSL/TLS and run unsigned code on 10.2.1, without any jailbreak already being present.
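To make the bug class concrete, here is an added example that is not code from the original post and not Apple's parser: a hypothetical, deliberately simplified decoder for a nameConstraints-style subtree. The `subtree_t`, `cert_ctx_t`, `parse_name_constraints_vuln` and `parse_name_constraints_fixed` names, the one-byte DER lengths and the sample inputs are all constructed for the example. The vulnerable parser stores the decoded object in the context before validating it and frees it on the error path without clearing the pointer; the fixed parser validates first and only then publishes the pointer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of the bug class: a heap object for a decoded
 * nameConstraints subtree is freed on an error path while the owning
 * context keeps the stale pointer. Names and layout are made up here. */

typedef struct {
    uint8_t *data;   /* body of the decoded subtree SEQUENCE */
    size_t   len;
} subtree_t;

typedef struct {
    subtree_t *permitted;   /* first permittedSubtrees entry, or NULL */
} cert_ctx_t;

/* Counts frees so a caller can observe the pattern without touching freed memory. */
int g_subtree_frees = 0;

static void subtree_free(subtree_t *st) {
    if (!st) return;
    free(st->data);
    free(st);
    g_subtree_frees++;
}

/* Decode the outer SEQUENCE (tag 0x30, one-byte length). Returns NULL on a
 * truncated or wrongly tagged input; the body is copied but not inspected. */
static subtree_t *subtree_decode(const uint8_t *buf, size_t buflen) {
    if (buflen < 2 || buf[0] != 0x30) return NULL;
    size_t len = buf[1];
    if (len > buflen - 2) return NULL;            /* length runs past the buffer */
    subtree_t *st = calloc(1, sizeof *st);
    if (!st) return NULL;
    st->data = malloc(len ? len : 1);
    if (!st->data) { free(st); return NULL; }
    memcpy(st->data, buf + 2, len);
    st->len = len;
    return st;
}

/* The body must be a dNSName GeneralName ([2] IMPLICIT, tag 0x82) whose
 * length covers exactly the remaining bytes. */
static int subtree_validate(const subtree_t *st) {
    return st->len >= 2 && st->data[0] == 0x82 && st->data[1] == st->len - 2;
}

/* VULNERABLE: published into ctx before validation, freed on error,
 * pointer never cleared, so ctx->permitted is left dangling. */
int parse_name_constraints_vuln(cert_ctx_t *ctx, const uint8_t *buf, size_t buflen) {
    subtree_t *st = subtree_decode(buf, buflen);
    if (!st) return -1;
    ctx->permitted = st;                          /* stored early ...          */
    if (!subtree_validate(st)) {
        subtree_free(st);                         /* ... freed on error ...    */
        return -1;                                /* ... but never cleared     */
    }
    return 0;
}

/* FIXED: validate before publishing; never leave a stale pointer behind. */
int parse_name_constraints_fixed(cert_ctx_t *ctx, const uint8_t *buf, size_t buflen) {
    subtree_t *st = subtree_decode(buf, buflen);
    if (!st) return -1;
    if (!subtree_validate(st)) {
        subtree_free(st);
        ctx->permitted = NULL;
        return -1;
    }
    ctx->permitted = st;                          /* published only once valid */
    return 0;
}

/* Later use of the constraint: does `host` fall under the permitted dNSName?
 * With the vulnerable parser this is where freed memory would be read. */
int hostname_permitted(const cert_ctx_t *ctx, const char *host) {
    if (!ctx->permitted) return 0;
    const subtree_t *st = ctx->permitted;
    size_t clen = st->data[1], hlen = strlen(host);
    if (hlen < clen) return 0;
    return memcmp(host + hlen - clen, st->data + 2, clen) == 0;
}

int main(void) {
    /* Constructed inputs: a well-formed dNSName "abc", and a subtree whose
     * inner tag (0x04, OCTET STRING) is not a GeneralName at all. */
    const uint8_t good[] = {0x30, 0x05, 0x82, 0x03, 'a', 'b', 'c'};
    const uint8_t bad[]  = {0x30, 0x03, 0x04, 0x01, 'A'};
    cert_ctx_t v = {0}, f = {0};

    int rc = parse_name_constraints_vuln(&v, bad, sizeof bad);
    printf("vuln:  rc=%d pointer still set=%d frees=%d\n", rc, v.permitted != NULL, g_subtree_frees);
    rc = parse_name_constraints_fixed(&f, bad, sizeof bad);
    printf("fixed: rc=%d pointer set=%d\n", rc, f.permitted != NULL);
    rc = parse_name_constraints_fixed(&f, good, sizeof good);
    printf("fixed: rc=%d 'abc' permitted=%d\n", rc, hostname_permitted(&f, "abc"));
    subtree_free(f.permitted);
    return 0;
}
```

Run with a sanitizer to see the difference in practice: build with `-fsanitize=address`, then call `hostname_permitted(&v, "abc")` after the vulnerable parse and ASan reports the heap-use-after-free at the `st->data[1]` read. The fixed parser returns -1 with `permitted == NULL`, so the same call simply rejects the hostname.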
Is iOS 10.2.1 Jailbreak Under Development?
Everyone seems to be jumping aboard the hype train just because one exploit has been found.
An exploit does not guarantee that a jailbreak can be built on it for 10.2.1 firmware: code execution in a userland process still has to be chained with a sandbox escape and a kernel exploit before anything like Yalu is possible. A proper, user-friendly iOS 10.2.1 jailbreak still seems far off.
According to a rumor, Chinese developers are working on an iOS 10.2.1 jailbreak. However, there have been no updates so far on its status, and it seems no significant progress has been made on a jailbreak tool.
What Should You Do Right Now?
Depending on your needs, here’s what you should do right now.
- If you are on iOS 10, 10.1.1, or 10.2, you can continue enjoying the Yalu jailbreak.
- If you are on iOS 10.2.1, stay there and don't update to iOS 10.3 if you want a jailbreak.
- If you have already updated to iOS 10.3, go back to 10.2.1 as soon as possible. A downgrade is possible only while Apple is still signing iOS 10.2.1; once the signing window closes, 10.3 users are stuck there.
- If you aren’t interested in a jailbreak, you can update to iOS 10.3 firmware.
Let’s hope whoever is working on 10.2.1 jailbreak releases it soon. A 10.2.1 jailbreak tool, if released for 32-bit devices, will be a game changer for sure.