Luca Todesco releases 1-day WebKit RCE exploit for iOS 12

Hacker Luca Todesco recently released a new WebKit exploit for iOS 12 and above versions. This exploit could lead to a remote jailbreak in the future for jailbreak-able iOS versions. 

1-day WebKit exploit released for iOS 12

Out of the blue, Luca Todesco made public an RCE (remote code execution) exploit for WebKit, the web browser engine used by Safari, a few hours back.

The Italian hacker, who is a member of the Kim Jong Cracks Developer Team, posted the source code publicly on Ghostbin.  

This exploit is fully compatible with all current versions supported by rootlessJB. In addition, it also supports iOS 12.1.3 and 12.1.4 firmware versions that are currently not compatible with any public jailbreak tool.

Luca has jokingly labeled it as a 1-day exploit. But actually, it’s a 3-day exploit since WebKit patched the bug three days ago. Apple, on the other hand, is yet to release a patch for devices running the iOS mobile operating system.    

He also comments that it’s applicable to WebKitGTK as long as JIT (just-in-time compiler) is present.        

Nintendo Switch uses the WebKitGTK engine that is vulnerable to this exploit. However, it lacks a JIT, which, according to Luca is a must-have.    

JailbreakMe for iOS 12 could be in the works 

For the uninitiated, a WebKit exploit is a prerequisite for a JailbreakMe-style jailbreak, which gets triggered through the Safari mobile browser.   

Todesco stopped developing jailbreak tools a while ago. Nevertheless, the gifted hacker keeps dropping exploits and vulnerabilities every now and again.


Plenty of developers have packaged existing exploits with public WebKit bugs to release a remote jailbreak. Totally not spyware for iOS 10.0-10.3.3 and iOS 9 JailbreakMe are two cases in point.

So, there’s nothing stopping them from porting a full-blown iOS 12 jailbreak to a web-based Safari jailbreak.

Since iOS 12.1.3 and 12.1.4 are also vulnerable, this exploit will stay relevant for the entire iOS 12 jailbreak cycle.        

Leave a Reply

Share via
Copy link
Powered by Social Snap