iOS 10.2 Jailbreak And Why You Should Save SHSH2 Blobs Right Now

Could there be a possibility of an iOS 10.2 jailbreak making its way into the public domain sooner rather than later? The current Yalu + Mach_Portal jailbreak, which liberates select 64-bit devices running iOS 10.0.x to 10.1.1 from Apple’s walled garden, is still very much in beta, and thus recommended for advanced users and developers only.

And now with iOS 10.2.1 release on the horizon, a series of tweets from Luca Todesco recommends those interested in jailbreaking to save SHSH2 blobs for iOS 10.2 right now in case an iOS 10.2 jailbreak does show up in future.


Italian developer and security researcher Luca Todesco has been involved in the jailbreak community for as long as we can remember in one form or another. In the last twelve months or so, he has managed to propel himself into being one of the most prominent members of the community through his tiresome work and dedication to finding vulnerabilities and bugs in iOS that can be exploited to produce functioning jailbreaks for Apple’s mobile devices.

His latest work is there for all to see with the release of Yalu + Mach_Portal for iOS 10.0.x – 10.1.1, but recent tweets from him have raised excitement up for a future jailbreak on iOS 10.2.

Suggestion: keep 10.1/10.2 blobs real close on pre7 64 bit.

This obviously sparked a discussion about whether or not he knew something the rest didn’t about the potential of an iOS 10.2 jailbreak. Another tweet from him however has played down the excitement about the jailbreak at the same time as actually fueling the speculation fire:

A jailbreak for 10.2 is not planned, but it is still vulnerable to the underlying technique used, so it’s the second best fw.

He has went on to further clarify that in couple of more tweets:

10.2 is vuln to my KPP thing. Not blowing 0days for it 😉

By that I imply that KPP alone is not enough: I am not supplying any other missing part.

What we can deduce from all this is that the KPP technique Luca used in current Yalu + Mach_Portal jailbreak for iOS 10.0.x to 10.1.1 is still vulnerable in iOS 10.2, but that alone isn’t enough to achieve the full jailbreak in iOS 10.2. And while he has undisclosed 0days, which when combined with his already public KPP, can supposedly produce full jailbreak on iOS 10.2, he doesn’t want to blow it away for another public jailbreak.

The likely good news here is that someone else, like the Pangu Team, can pick up on his progress made on iOS 10.2 to hopefully produce a fully functionality public jailbreak.

It’s a long shot, yes, but there’s some progress made there already and hopefully it’s only a matter of time before someone picks up on the work he has left off on iOS 10.2 to create a full jailbreak. The current iOS 10.0.x – 10.1.1 jailbreak happened the same way as well after a member of Google’s Project Zero team released the exploit for iOS 10.1.1, which Luca combined it with his KPP to produce Yalu + Mach_Portal jailbreak for iPhone 7 and other devices.


We have seen it happen in the past, so it can happen again. And so like Luca, we will suggest all those who care about jailbreaking to save their SHSH2 blobs for iOS 10.2 right now while Apple is still signing it so that they can downgrade or upgrade to the firmware using Prometheus whenever a jailbreak for it is available, even if Apple ends up patching it in iOS 10.2.1 or later firmwares.

For instructions on how to save SHSH2 blobs, check out our guide on it here.

(source: Qwertyoruiopz [Twitter])

You might also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.