GasGauge “Jailbreak” Exploit For iOS 9.3.2 And iOS 9.3.3 Beta Released
Historically speaking, the general rule of thumb from a developer's perspective in the jailbreak world is that if you discover an exploit that can be used to produce a jailbreak, you keep it under wraps for as long as possible. That rule doesn't seem to apply to Italian developer Luca Todesco, who has decided to release his 'GasGauge' 0day exploit, which is applicable to iOS 9.3.2, the iOS 9.3.3 betas, and below.
The release seems to have been triggered by the fact that Apple, in Todesco's words, "went hard on security" with the release of the iOS 10 beta, meaning that this particular 0day exploit, which Luca used to demo a number of jailbreaks, is no longer applicable going forward.
Todesco, who is probably better known by his online social media handle @qwertyoruiopz, has pasted the raw "GasGauge race condition yielding double free" exploit code to Ghostbin for all to see and analyze, and of course to use however they want, provided they have the technical knowledge to understand the code dump and do something useful with it, such as building a public jailbreak tool. The release was made known to the public via Todesco's Twitter account, with the acknowledgement that this is an applicable 0day exploit for iOS 9.3.3, which is currently still in its beta cycle, and lower firmwares.
As previously mentioned, the catalyst for this release at this particular time seems to stem from the fact that Apple has made significant security-based improvements with the release of iOS 10.
As a developer, Todesco has obviously had a chance to look into the iOS 10 beta 1 codebase, and has acknowledged via a second tweet that Apple "has killed both of my jailbreak chains, gasgauge was in one". "iOS 10 went hard on security", said Todesco via a tweet. "Basically all the techniques I relied on are broken. Need to start from scratch."
Before anyone goes and gets excited, there are a few things to take note of here. First of all, the release of the GasGauge 0day isn't actually a functioning jailbreak. Rather, it's an exploit that grants arbitrary alloc and free primitives, which a seasoned, experienced jailbreak developer with a sandbox escape could use to produce a working jailbreak for compatible firmware versions, should they see fit to do so. Secondly, it also gives us an insight into the future of jailbreaking on iOS 10, which, if Todesco's tweets are anything to go by, could potentially be a minefield of difficulty.