Italian developer and hacker Luca Todesco released a new WebKit which works with iOS 12.1.4 and below. The WebKit RCE exploit can be, potentially, utilized to remotely jailbreak iOS 12.1.4 in the future. Calling the WebKit RCE (Remote Code Execution) as a 1-day exploit, the bug facilitates remote code execution in the web browsers, potentially leading to a JailbreakMe-style jailbreak experience, that gets invoked through the Safari Mobile Browser. The WebKit RCE exploit works with all iOS versions supported by RootlessJB 3.1 and, additionally, also works on iOS 12.1.3 and iOS 12.1.4.
Luca Todesco WebKit RCE Exploit for iOS 12.1.4 and below
Luca Todesco posted the source code for the WebKit RCE Exploit publicly on Ghostbin. Please note that though the exploit is labeled as a 1-day exploit, it is actually a 3-day exploit since the bug was patched by WebKit 3 days ago. According to the developer, this exploit is also applicable to WebKitGTK as long as just-in-time (JIT) compiler exists.
You might be able to jailbreak your iPhone using Siri Shortcuts. Click here for more info.
What is a JailbreakMe-style jailbreak?
For those of you who don’t know, the JailbreakMe experience consists of visiting a specific website through the Safari Mobile Browser and have the jailbreak payload injected via the web. Hence, there is no requirement of installing an application on the iOS device. The WebKit RCE Exploit released by Luca Todesco will stay relevant during the entire course of iOS 12 jailbreaks starting from the initial iOS 12 version till iOS 12.1.4. Hence, we can expect a remotely executed jailbreak for iOS 12-12.1.4 coming up soon. Stay tuned with us for future updates.
Check out the following interesting posts as well:
- Download Packager 0.1 for RootlessJB on iOS 12 (Guide).
- How to Install Cydia Tweaks on iOS 12.1.2 – iOS 12 with RootlessJB.