iOS 11.3.1 Might Get A Safari-Based Jailbreak In The Form Of JailbreakMe 5.0
A relatively well-known developer and security researcher – Niklas Baumstark – has taken to Twitter to confirm that a bug released into the community is exploitable via Safari, information which could theoretically lead to the creation of a new JailbreakMe jailbreak experience for iOS 11.3.1 devices.
Niklas’ tweet confirms that he has “just exploited @i41nbeer’s bug via Safari RCE,” which suggests that someone with the relevant interest and skill set could take this knowledge and process further to build a web-based solution and release it into the community as JailbreakMe 5.0.
Further tweets from the security researcher then go on to mention the bug by its reference – CVE-2018-4233 – which is extremely interesting as Apple references that number as a WebKit bug raised by Samuel Groß of Trend Micro’s Zero Day Initiative, and not Ian Beer of Project Zero.
As clarified to me by Niklas himself, it seems that the process involves exploiting two bugs back-to-back: first the one found by the aforementioned Samuel Groß, and then the Ian Beer bug.
Well, it’s two bugs exploited in sequence. @5aelo’s bug is used for RCE, then Ian’s bug is used for privesc
Regardless, it seems that there is a bug attributable to iOS 11.3.1 which, due to its nature, can be exploited via Safari, meaning that it could be possible for a very easy-to-use jailbreak to be released, one that doesn’t actually require an individual to sideload an IPA to their device or re-sign the app every seven days. Out of all of the jailbreaks ever released into the community, the original Safari-based JailbreakMe solution has most definitely been the most popular and easiest to use. In fact, its simplicity made it probably one of the most beautiful pieces of work and software architecture ever released into the jailbreak community.
Currently, other than a tweet and a few follow-up tweets, little is known about the intentions of Niklas and whether or not this will actually go any further. He is a well-known individual in security research circles, having been present and highly successful at multiple Pwn2Own competitions. However, to the best of our knowledge, he hasn’t been credited with or actively involved in any recent jailbreak activity. Maybe this is the time that someone else puts their head above the parapet and pushes something miraculous out into the jailbreak community.
Stay tuned for more on this one, as, or if, it develops.