So how does the jailbreak work? i0n1c elaborates, noting that the kernel exploit can be “easily reached even from within the iOS application sandbox,” and as such, “the exploit code can be used to break out of any application that you exploit.” Of all the post-iOS 4 jailbreaks, only Comex’s JailbreakMe 3.0 and the more recent p0sixspwn jailbreaks have been able to do this, and with iOS 8 on the horizon, this is a very encouraging bit of progress.
The most promising piece of information to take away from i0n1c’s explanation, however, is that the exploit is apparently very easy to deliver, and we could be in line for a partial demonstration clip of how it all works in the next couple of weeks.
Potential initial injection vectors for such an exploit are:
- exploit against an internal app like MobileSafari
- exploit against any vulnerable app from the AppStore
- exploit from within a developer/enterprise app
Considering that there is no month without some Safari/WebKit vulnerability becoming public, and that many AppStore applications link against old and vulnerable libraries, it is therefore quite easy to deliver this exploit, especially because applications downloaded from the AppStore and put into a backup do not go away and can be re-exploited in the future. We will show this within the next few weeks.
You can read i0n1c’s full article here. iOS 7 users still have great hope, but no one knows when hackers will release the jailbreak. We will keep you updated with anything new.