WebKit-RegEx-Exploit, which was released a few days back, could possibly be used to develop an iOS 12 jailbreak. Here’s all you need to know about this latest development.
Safari exploit for iOS 12.1 and below released
On December 6, Apple hacker Linus Henze published WebKit-RegEx-Exploit, an exploit for a bug in WebKit's regular-expression engine that affects Safari on iOS 12.1 and below.
The bug has already been patched upstream in WebKit, which technically makes this a 1-day rather than a 0-day, but that fix had not yet shipped in Apple's builds, so the exploit still works against the latest release of mobile Safari.
Despite Apple's security hardening, every release of iOS 12 is affected. On the desktop, every version since macOS 10.14.0 is affected as well.
Want a free Safari 0day? (Ok, it's actually a 1day because it's fixed in the latest WebKit version, but it still works in the latest version of Safari) Then go to https://t.co/CD9IwHUQP8
Please don't do evil stuff with this.
— Linus Henze (@LinusHenze) December 6, 2018
Interestingly, WebKit-RegEx-Exploit also triggers on iOS 12.1.1, the latest stable iOS 12 firmware. In practice, though, it is of little use there yet: the exploit's shellcode-loading stage, which turns the memory-corruption primitive into arbitrary code execution, has not been implemented for iOS.
Writing a shellcode loader for iOS is no small task. Nevertheless, Linus, an accomplished hacker from Germany, is confident he can add iOS shellcode loading to the exploit at a later stage.
iOS 12 jailbreak progress so far
Renowned white-hat security researcher Min Zheng has confirmed that this exploit could be used as the entry point of a remote jailbreak.
For those unfamiliar with the jargon, a remote jailbreak, or "RJB", is one that compromises the device over the air, simply by loading a web page in Safari, with no computer or sideloaded app involved.
It can be used in a RJB~👍 https://t.co/V3wmIdbszX
— Min(Spark) Zheng (@SparkZheng) December 8, 2018
Fortunately, things are picking up in the jailbreak community, thanks to hackers like Linus Henze and Ian Beer. Useful as it is, WebKit-RegEx-Exploit on its own only yields code execution inside Safari's sandboxed content process; it cannot produce a full jailbreak without additional vulnerabilities and exploits.
What is still missing is a powerful kernel exploit that can put a real dent in iOS 12's security architecture.
If you are on iOS 11.4 (final) or later, update your Apple device to iOS 12.1 now if you haven't already.
The first beta of iOS 12.1.2 is expected to go public sometime next week, and chances are high that Apple will stop signing iOS 12.1 for all compatible devices at that point.
Is it still possible to JB on 11.3.1? I tried Electra but ignition changed. Are there any updated instructions? Thanks.
You can use TutuApp to get Electra on iOS 11.3.1.
Hello, is it worth staying on iOS 10.3.2 because of the jailbreak, or is it better to update to iOS 12.1 and wait for this new jailbreak?
I would recommend staying on iOS 10.3.2 and saving SHSH blobs for iOS 12.1.
Thanks for Replying!
You’re welcome Karim.
Is updating to 12.1 reducing the chances of having a jailbreak?
I would recommend staying on iOS 12.0.1 or below.
My version is 12.0.1. Should I update to 12.1 to have a jailbreak?
For those who have an iPhone XS Max with iOS 12, must we upgrade to 12.1, or can we stay where we are?
Stay on the lowest version possible unless you want to use any of the functionality present in later versions.
So it will work on 12.1.1?
Yes, it will.