All the information related to the Phoenixpwn jailbreak for iOS 9.3.5 is now public. Here’s what you need to know about it.
Table of Contents
Morpheus makes public chapter 22.5
As you already know, Jonathan Levin aka Morpheus promised to release a chapter from his iOS Internals book for free. He has finally released the chapter for everyone to read.
It is called “chapter 22.5” so as not to break compatibility with earlier volumes of iOS Internals.
The information within this chapter reveals that Phoenixpwn utilizes two exploits to jailbreak iOS 9.3.5.
- OSUnserialize Infoleak
- mach_port_register
The OSUnserialize Infoleak exploit is a variant of Pegasus whereas Ian Beer’s mach_port_register is based on CVE-2016-4669 security vulnerability.
These exploits work only on iOS devices that use the ARMv7 architecture.
Jonathan Levin also explains in great detail all the hacking mechanisms employed by tihmstar and Siguza. If you want to learn more about iOS hacking and exploitation, this chapter is worth a read.
What happened behind the scenes?
It was actually 10n1c who inadvertently led to the creation of Phoenix jailbreak. For those who don’t know, Stefan Esser tweeted this a while back.
The reason why iOS 9.3.5 is so easy to jailbreak is because Apple did not correctly fix the powerful infoleak used by PEGASUS.
— Stefan Esser (@i0n1c) July 27, 2017
This tweet piqued the curiosity of eminent German hacker and developer tihmstar. He then began working on a 9.3.5 jailbreak alongside Siguza, the developer of cl0ver.
After tinkering around with Pegasus exploit, they finally developed this jailbreak in 2 weeks! This is the lowest turnaround time ever for a Dev team to release a working jailbreak.
If you haven’t used this tool already, be sure to follow this tutorial. Also, don’t forget to send some bitcoins to tihmstar and Siguza.
Now, all we need is i0n1c to tweet about iOS 10.3.1 firmware!
For more scene updates and releases, follow us on Facebook and Twitter.
