December 19, 2024
I0n1c Explains How His iOS 7.1.1 Jailbreak Works

I0n1c Explains How His iOS 7.1.1 Jailbreak Works

Posted May 19, 2014 at 3:09am by iClarified
Stefan Esser, a hacker known as i0n1c, has posted an explanation of how his jailbreak of iOS 7.1.1 works.

The jailbreak, which has not yet been released, is unique in that it uses a kernel bug which is hidden inside functionality that can be easily reached, even from within the iOS application sandbox.

This means that the exploit code can be used to break out of any application that you exploit. This is very different from nearly all of the kernel vulnerabilities used in iOS jailbreaks since iOS 4. There have been only 2 publicly disclosed vulnerabilities that had this power. The first has been used in comex's JailbreakMe3 and the other one is the posix_spawn() vulnerability disclosed by SektionEins during SyScan 2013 and later used by the jailbreak community in the p0sixpwn jailbreak.


Potential initial injection vectors for such an exploit are:
● exploit against an internal app like MobileSafari
● exploit against any vulnerable app from the AppStore
● exploit from within a developer/enterprise app

I0n1c says it is quite easy to deliver this exploit, especially because backed up applications do not go away and can be re-exploited in the future. He plans to show 'some instance' of this within the 'next weeks'.

The hacker also noted that with a jailbroken iOS 7.1.1 device it was possible to discover that the stack_guard stack canary vulnerability publicly disclosed in April 2013 is still unfixed in the latest iOS (and also Mac OSX) versions.

The bug in question allows a local attacker to call a target executable in a way that he controls the value of the stack_guard stack canary that is used to stop stack buffer overflow vulnerabilities from being exploitable. This vulnerability therefore renders the stack canary mitigation in iOS useless against local attackers. For iOS this means that local attacks (persistence/untethering) that rely on stack buffer overflows are suddenly exploitable again or easier to exploit, because the attacker can control the value of the stack_guard.


Check out the link below for more details or please follow iClarified on Twitter, Facebook, or RSS for any updates on the jailbreak's potential release.

Read More


I0n1c Explains How His iOS 7.1.1 Jailbreak Works
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (27)
You must login or register to add a comment...
iObligated
iObligated - May 21, 2014 at 12:21pm
Is there a link to the jailbreak? I've been itching to Jailbreak my iPod, instead of seeing all of these sites that use fake exploits.
1
dhp_devendra
dhp_devendra - May 21, 2014 at 10:49am
Got my iPhone 4 jb on iOS 7.1.1 with Geeksn0w. But its semitethered amd for iPhone 4 only. However, its successful in jailbreaking iPhone 4 on iOS 7.1.1. Plz make ur jb solution available to public for their benefit.
aljo
aljo - May 20, 2014 at 5:25pm
where can i download the jailbreak?
Gymcap
Gymcap - May 20, 2014 at 1:01pm
I apreciate them saving this for ios 8 so that apple wont be able to patch it but at the same time im pissed because my ios 7.0.4 crashed when i deleted some iad file and now im forced to update to 7.1.1 >.< i wish there could be some type of private beta for the jailbreak on 7.1.1 ;) Wishful thinking i guess
NeoPreacher
NeoPreacher - May 19, 2014 at 9:43pm
This information is quite useful for Apple to get knowledge of an big exploit in the Kernel,but also the Hackers do so what is more important surely for himself to show his skills. But it seems to be a big hint for everybody involved. The question is will there be another exploit saved for iOS 8 or will someone skilled give the jb to us? Come on and give us release! Until then put the balls back ;)
gamerscul9870
gamerscul9870 - May 19, 2014 at 10:04pm
The balls back just ruined it.
NeoPreacher
NeoPreacher - May 19, 2014 at 11:23pm
We will see....
poppintagZ
poppintagZ - May 19, 2014 at 7:09pm
I didn't understand any of what I just read. But a 7.1 jb would be cool.
brickhauzer
brickhauzer - May 19, 2014 at 7:05pm
If you mean slightly different than iOS 7 then yes, iOS 8 will be the experience of a lifetime.
Noman
Noman - May 19, 2014 at 5:23pm
Whats up talks about iOS 8.. how about first 7.2, 7.2.1, 7.3, 7.3.1, 7.3.2, 7.4, 7.4.1., 7.4.2, 7.5, 7.5.1, 7.6, 7.7, 7.7.1, 7.8, 7.9.1, 7.9.2, 7.9.3, 7.9.4, 7.9.5..... and then bugy iOS 8.0 and quickly after that 8.0.1.
gamerscul9870
gamerscul9870 - May 19, 2014 at 5:40pm
If iOS 6 lasted up to iOS 6.1.3 then so will 7, period.
Just release the jailbreak
Just release the jailbreak - May 19, 2014 at 5:18pm
if you not going to release it stop talking
Mike Power
Mike Power - May 19, 2014 at 3:00pm
why wait til ios 8, remember they are making a new A8 chip/processor so it may even be a little harder an time before you could really release a jailbreak for ios 8, I guess, I'm just saying crazy things here. just wondering if there will be any jailbreak release for 7.1.1.
vix
vix - May 19, 2014 at 2:09pm
I want to JB so I can use a bluetooth app to print to a Poloraid POGO; airblue is the app. I haven't really needed JB/unlock since tmobile became a blessed provider. However, I may need to go back to JB. So, is 5/7.1.1 JB working? Is this a confirmation?
gamerscul9870
gamerscul9870 - May 19, 2014 at 2:13pm
Thank you for pointing out the T-Mobile thing ;)
gamerscul9870
gamerscul9870 - May 19, 2014 at 12:35pm
What's worse is when Ismael asks ANYTHING here.
Diggy
Diggy - May 19, 2014 at 1:00pm
I have to disagree with you, politely. There are a lot of great reasons to jailbreak. Some of the indie developers that you find on Cydia are absolute genius in their implementations of their ideas. Usually these ideas are then stolen by Apple and implemented in later iOS versions, but they are poor measures compared to the original. I do agree with your point though that there are a lot of people out there that just want to make $30 to do exploit other people's hard work, but you'll find that everywhere around the world. The whole world is dependant on Geo-Political exploitation of certain people. That doesn't make it right, but it is prevalent in our society as a whole.
May I
May I - May 19, 2014 at 6:55am
So now u have told Apple what to look for and block in ios8 u may aswell release jb for ios7.1.1 cause Apple will deffo find and block this voneribility for sure now !
gamerscul9870
gamerscul9870 - May 19, 2014 at 10:54am
Why would they do that? They care about what users want and they even asked what they want for a smartphone. I doubt jb will end there.
P000TER
P000TER - May 19, 2014 at 6:53am
Job well done i0n1c
wahyu4ever
wahyu4ever - May 19, 2014 at 6:02am
I hope its not fake! And will be realese as soon as possible.
krusty22
krusty22 - May 19, 2014 at 5:32am
a Question to the developers/coders... My apologies if it's a silly question. But, what's the chances of this exploit being used to get the ATV3 jailbroken?
Kr00
Kr00 - May 19, 2014 at 7:44am
I seriously doubt it, as this exploit uses a vulnerability from within iOS apps. This can't be done on ATV3 as you can't download apps onto it.
1
Concerned Troll
Concerned Troll - May 19, 2014 at 4:34am
So basically this means, you're not gonna give us what we want. Just tease us.. Cool
1
gamerscul9870
gamerscul9870 - May 19, 2014 at 3:31am
There you all have it, not fake.
1
6italia0
6italia0 - May 19, 2014 at 3:18am
So does this mean there could be a potential bootrom exploit for A7 and below? via stack_guard vuln.? or is it just another useable exploit that can be used until apple fixes it? (fingers crossed for bootrom - tethered JB is always better than no JB)
1
hedge
hedge - May 19, 2014 at 3:16am
Wonderful... :D ;)
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS