Luca Todesco Releases iOS 12.1.4 WebKit RCE Exploit (Jailbreak Update)

Italian developer and hacker Luca Todesco released a new WebKit which works with iOS 12.1.4 and below. The WebKit RCE exploit can be, potentially, utilized to remotely jailbreak iOS 12.1.4 in the future. Calling the WebKit RCE (Remote Code Execution) as a 1-day exploit, the bug facilitates remote code execution in the web browsers, potentially leading to a JailbreakMe-style jailbreak experience, that gets invoked through the Safari Mobile Browser. The WebKit RCE exploit works with all iOS versions supported by RootlessJB 3.1 and, additionally, also works on iOS 12.1.3 and iOS 12.1.4.

Luca Todesco WebKit RCE Exploit for iOS 12.1.4 and below

Luca Todesco posted the source code for the WebKit RCE Exploit publicly on Ghostbin. Please note that though the exploit is labeled as a 1-day exploit, it is actually a 3-day exploit since the bug was patched by WebKit 3 days ago. According to the developer, this exploit is also applicable to WebKitGTK as long as just-in-time (JIT) compiler exists.

webkit-rce-exploit-ios-12
iOS 12.1.4 WebKit RCE Exploit By Luca Todesco

You might be able to jailbreak your iPhone using Siri Shortcuts. Click here for more info.

What is a JailbreakMe-style jailbreak?

For those of you who don’t know, the JailbreakMe experience consists of visiting a specific website through the Safari Mobile Browser and have the jailbreak payload injected via the web. Hence, there is no requirement of installing an application on the iOS device. The WebKit RCE Exploit released by Luca Todesco will stay relevant during the entire course of iOS 12 jailbreaks starting from the initial iOS 12 version till iOS 12.1.4. Hence, we can expect a remotely executed jailbreak for iOS 12-12.1.4 coming up soon. Stay tuned with us for future updates.

Check out the following interesting posts as well:

LEAVE A REPLY

Please enter your comment!
Please enter your name here

All the data shown above will be stored by [iGeeksRadar] on [https://igeeksradar.com/]. At any point of time, you can contact us and select the data you wish to anonymize or delete so it cannot be linked to your email address any longer. When your data is anonymized or deleted, you will receive an email confirmation. We also use cookies and/or similar technologies to analyze customer behavior, administer the website, track users' movements, and to collect information about users. This is done in order to personalize and enhance your experience with us.

This site uses Akismet to reduce spam. Learn how your comment data is processed.