Saturday, February 22, 2014

P0sixspwn iOS 6.1.3 – iOS 6.1.5 Jailbreak burnt a highly valuable exploit; could have been useful for future jailbreaks [Updated]


iH8sn0w and winocm released the much awaited untethered jailbreak for iOS 6.1.3 – 6.1.5 for A5+ devices earlier today.

Unfortunately, it looks like the jailbreak community may have to pay a heavy price for it: pod2g has just revealed that one of the exploits used in the untethered iOS 6.1.3 – iOS 6.1.5 jailbreak was highly valuable and could have been used to jailbreak future iOS versions.

It’s not clear why iH8sn0w and winocm decided to use this exploit, as they had been holding off on releasing the jailbreak for A5+ devices precisely so as not to burn exploits that could be useful on future iOS versions.

Based on pod2g’s comment, it looks like this could make future jailbreaks even more difficult, though not impossible. It also must be noted that Apple could have patched the exploit in a future version anyway, so deciding whether to hold an exploit in reserve or to burn it is rarely easy. But, as pod2g has pointed out, they should ideally have used the same exploit that was used in evasi0n7, since that one was already burnt.

It would have been nice if there were some level of coordination and trust in the jailbreak community, as pod2g could have flagged this before the jailbreak was released.

Update:

iDesignTimes managed to speak to pod2g and comex regarding the situation. comex had this to say about the burnt exploit:

“It makes things more difficult, but not impossible.”

pod2g provided more details about why the exploit was valuable:

“They talked a lot of sh– about us, but now they’ve burnt valuable stuff just for 6.1.x … nobody looked at their jailbreak tool, but they burnt something allowing root on all devices without any effort. Something that jailbreakers were aware of for years now. Something that’s usually the entry point for jailbreak research on new iOS versions and devices. Root code execution. Something that usually requires multiple exploits to achieve.

Implications are that it’ll make the lives of jailbreakers even harder for future iOS jailbreak developments. And I suppose that we’ll never find another root execution and injection exploit of this kind in the future. Basically, it allows files to be made available in the device file system (injection) and allows code to be executed as root. For example, we could set up afc2 on new iOS versions to play with the file system and find vulnerabilities. [..]

[..] A jailbreak is a whole chain of exploits … that exploit of @comex’s that we did not want to burn in evasi0n7 [would require] 5 vulnerabilities to do the same thing. That’s why it is so valuable. The fact that Apple did not patch it in years also is important. It means that it is probably the last thing you’d like to burn when there’s nothing remaining.”

iH8sn0w and winocm have yet to comment on the matter.

We won’t be surprised if Apple fixes this exploit in iOS 7.1 along with the ones used in the evasi0n7 jailbreak.

What do you think? Let me know your thoughts in the comments below.



Posted by Gautam on Dec 30, 2013 - iphonehacks.com
