Renowned security team Pandora Lab recently demonstrated an iOS 12 jailbreak. Check out the video demonstration of the jailbreak below.
iOS 12 jailbroken within 24 hours of its release
Within 24 hours of its release, security experts at Ali Security's Pandora Labs were able to jailbreak iOS 12. This jailbreak is fully untethered, meaning the device stays jailbroken after a reboot.
According to the team, developing a jailbreak requires digging into the system to discover vulnerabilities to gain elevated access.
Researchers then utilize these security vulnerabilities to break through the system’s signature to bypass codesigning and mount the root filesystem as read/write.
The team of veteran security researchers posted the following video on its YouTube account.
(Embedded tweet with the demo video) — Yalu Jailbreak (@Yalujb) September 18, 2018
In the demo video, a Pandora Lab team member unlocks what appears to be an iPhone X, an A11 device.
Afterward, the hacker goes to Settings to show off the firmware version of the device and immediately opens the jailbreak app called “Pandora”, and then finishes a few final steps to completion.
Pandora Labs exploits the codesigning mechanism of iOS 12
According to Pandora Labs, iOS 12 patches the “AMFID signature hijacking” and “Fake trust cache” techniques for defeating codesigning.
Furthermore, Apple’s latest operating system also patches “forged valid mnt_data” and “delete /disk0s1s1 snapshot” techniques for accessing the root directory as read/write.
Yossi, a security researcher at Pandora Labs, claims that while Apple patches a lot of bugs and adds new mitigation mechanisms each year, it has yet to fully secure its mobile operating system.
Even a firmware as secure as iOS 12 still has plenty of vulnerabilities, for instance in signature checking and in root filesystem handling. Attackers can make use of these security holes to bypass modern mitigation mechanisms.
iOS 12 moves the AMFI trust cache chain to a new area in the kernel to mitigate codesigning attacks. However, the system verifies only one of the two trust cache chain signatures, so the other remains open to attackers.
Will Pandora Labs release an iOS 12 jailbreak tool to the public?
Just like Pandora Labs’ previous jailbreaks, this jailbreak will never see the light of day. It is a private jailbreak tool and the team will likely use it to claim a princely bounty from Apple.
For those who are new to the jailbreak scene, untethered or persistent exploits are worth their weight in gold and can easily fetch millions of dollars if sold to the right buyer.
With that being said, hackers Coolstar and Umang Raghubanshi possess some juicy zero-day vulnerabilities for iOS 12. Luca Todesco also has something cooking, so to speak, for the final version of iOS 12.
Once the iOS 12 ecosystem matures and more users jump onto the firmware, the hackers will surely be able to churn something out.