Min Zheng: Latest WebKit Exploit Can Be Used For Remote Jailbreak, iOS 12/macOS 10.14 XNU Source Code Released
Remember developer and security researcher Linus Henze’s (@LinusHenze) announcement via Twitter regarding an exploit that exists within Safari for iOS and macOS and which affects iOS 12.1 and below? Well, Alibaba’s Min(Spark) Zheng (@SparkZheng), a prominent figure in the jailbreak community, confirmed that the latest WebKit exploit can be used for a remote jailbreak.
Is this a clear sign that an iOS 12 jailbreak is indeed coming soon?
Last week, Linus made public an exploit that exists within Safari for iOS and macOS and which affects iOS 12.1 and below. The bug manifests in the way RegEx is matched and handled on affected platforms. With the exploit, anyone with the right knowledge and skill set could potentially put together another JailbreakMe-esque creation that would allow devices to be liberated directly from within Safari on an iOS device.
Want a free Safari 0day? (Ok, it's actually a 1day because it's fixed in the latest WebKit version, but it still works in the latest version of Safari) Then go to https://t.co/CD9IwHUQP8
Please don't do evil stuff with this.
— Linus Henze (@LinusHenze) December 6, 2018
A few days later, Zheng announced via Twitter his findings regarding Linus’ exploit. According to him, the exploit released by Linus can be used in a remote jailbreak.
So far, Zheng’s tweet has 15 retweets and 133 likes. In its comment section, Twitter users have written:
“But how reliable would it be” –Devine (@DevinCream)
“You will develop it?” –RJ Scanlon (@RJ_Scanlon)
“Or RCE. Depends on how you use this. When you’re wielding an axe, you can either be a fireman breaking down a door or an axe murderer (emoji)” –Chaitanya Sharma (@ChaitanyasRants)
“@SparkZheng but we need a reliable kernel bug(sorry’s or Ian’s)…and coretrust and a failproof remount(risky as fail=update)..maybe if corellium helped 🙂” –Avimanyu Roy
There were other comments as well. However, Zheng hasn’t replied to any of the comments. But at least someone like him, a prominent figure in the jailbreak community, shared his thoughts about Linus’ exploit. Hopefully, an iOS 12 jailbreak will be released soon.
The XNU Source Code
In other recent news, Zheng also announced via Twitter that the iOS 12/macOS 10.14 XNU source code has finally been released. He also attached a link so you don’t have to worry about searching for it.
Finally, iOS 12/macOS 10.14 XNU source code released…: https://t.co/Ig6PBDS0Sd
— Min(Spark) Zheng (@SparkZheng) December 10, 2018
What about you? Have you tried Linus’ exploit? What were your findings? Do you share Zheng’s conclusion? Will this eventually lead to an iOS 12 jailbreak? Tell us in the comment section below.