Jbme102 iOS 10.2 Jailbreak Coming After iOS 10.3, Will Be Safari-Based, Won’t Require 7-Day Signing

Well known developer and iOS security researcher Luca Todesco of yalu1011 and yalu102 jailbreak fame has announced that he might release a Safari browser-based JailbreakMe-style jailbreak for iOS 10.2 firmware. This new jailbreak solution will apparently not require any 7-day resigning of the jailbreak: “as solution to the 7 days thing, jbme102 may become a thing when 10.3 gets released”.

He further went on to confirm that he was in fact the “mystery man” behind Saurik’s now-failed Cydia Extender tool.

As you may already know by now, Cydia Extender was originally supposed to bring a solution for 7-day signing issue on IPA-based semi-tethered jailbreaks when installing through Cydia Impactor, only for Saurik and Luca to later realize that it worked with paid developer accounts only: “I was saurik’s “mistery man” for his thing, but didn’t find time to pull it off. Now I have time and 1day, so I’d rather do it jbme style.” 

It’s currently unknown as to why is Luca waiting for Apple to drop iOS 10.3 to public before releasing jbme102. Maybe because he wants to see if Apple will patch the exploit or not in final version of iOS 10.3 before making it public?

Speaking of exploits, it’s likely that jbme102, if ever released, will be using an exploit which Luca only recently wrote for 1day WebKit: “Wrote an exploit for a WebKit 1day. And for f*ck’s sake PS4 unaffected because WebKit is too old.” 

The type of devices supported by this new jailbreak is anybody’s guess at this point, but if Luca’s most recent yalu102 jailbreak is anything to go by, it is likely that most, if not all, 64-bit iPhone, iPad and iPod touch devices will be supported by this jailbreak running iOS 10.2 firmware.

As always has been the case though, we will keep you updated as and when we get to know more about this jailbreak, including the time it drops for public consumption. Stay tuned for more.

(source: @qwertyoruiopz [Twitter])

Update x1: Luca now says that he has cancelled jbme102 because he didn’t realize that Kernel exploit he wrote worked in 32-bit browsers only.

I forgot that Yalu’s kernel exploit must run as 32 bit or with a crafted 64 bit mach-o to work. So jbme102 cancelled.

I just blew the whole night for nothing lel

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.