While we are all hyped up for the release of the iOS 12.1.2 jailbreak, we might be witnessing some jailbreak-related developments for iOS 12.1.4 too. Well-known iOS hacker Luca Todesco, who has been an active member of the jailbreak developer community over the last few years and released the Yalu jailbreak for iOS 10 and later, has now released a WebKit RCE exploit. The exploit’s proof of concept is available on GhostBin. What makes this release special is that the exploit could potentially allow remote code execution in web browsers with JIT.
The hacker has also revealed that the exploit was only fixed three days ago, which means that iOS 12.1.4, the latest available iOS version right now, is also vulnerable to this exploit. The fact that a WebKit exploit has been made available is kind of a big deal and a rare occurrence. The publishing of this exploit could also potentially lead to a JailbreakMe-style jailbreak, which would allow users to jailbreak their iOS devices through a Safari-based web application.
While seeing the release of a WebKit RCE exploit by Luca Todesco is exciting, it still seems far-fetched that it would materialize into a working web browser-based jailbreak. However, the possibility of such a tool cannot be dismissed entirely.
Meanwhile, we are still anxiously waiting for Pwn20wnd to drop the unc0ver jailbreak with support for iOS 12.1.2. We will update you once this jailbreak is available for download, along with useful tutorials and more.