zecOps Research Team has announced “FreeTheSandbox” project that aims to liberate every sandboxed device. The new-found project also aims to release vulnerabilities for an iOS 12.4.1 jailbreak.
Table of Contents
FreeTheSandbox project aims to pwn iOS 12.4.1
Renowned security researcher Zuk Avraham has announced FreeTheSandbox project for pwning iOS 12.4.1 and later firmware versions.
The project aims to reward iOS hackers with bounties up to $40k for exploits that have been patched in iOS 13 or 13.1. Private vulnerabilities that affect iOS 13 or 13.1 operating systems will fetch an even higher bounty.
Though ZecOps focus on digital forensics, Avraham urges all iOS users who missed the iOS 12.4 signing window to keep their devices on iOS 12.4.1 firmware.
The reason being that the hacker intends to release LPE (Local Privilege Escalation) granting bugs for the jailbreak community.
Here’s what the official ZecOps handle tweeted a few hours ago.
#FreeTheSandbox UPDATE: If you missed the 12.4 signing window and wish to investigate/analyze your device, – keep it on 12.4.1. We plan to release LPE granting TFP0 to enable iOS DFIR investigations. The bugs can also be used as a jailbreak for those who are interested.
— ZecOps (@ZecOps) September 14, 2019
For what it’s worth, ZecOps Research Team’s TFP0 patch is also compatible with the beta version of the all-new iOS 13 operating system. However, it requires additional porting for the stable version.
Surprisingly, there has been no word regarding A12/A12X support, even as most of the users who missed the signing window own an iPhone XS (Max), XR, or third-generation iPad Pro.
When will iOS 12.4.1 jailbreak be released?
While the development has already started, it will still take the team several months to make their exploits public.
It’s worth noting that ZecOps is a security research company, not a jailbreak development team.
Furthermore, the security firm has a strict no-resell clause that forbids other parties from reselling its vulnerabilities and exploits.
So, the team will likely go the long route of disclosing their exploits to Apple’s security team in exchange for a bounty before making them public.
If you are using iOS 12.4.1, sit tight and keep a watchful eye out for Apple’s security notes pertaining to the latest firmware releases.