Security researcher @wh1te4ever shared a particularly interesting tidbit via their 𝕏 (formerly Twitter) social media account this weekend of what appears to be a WebKit-based re-jailbreak demonstration for iOS 12 devices.
The demo, which we’ve embedded above for your viewing pleasure, features an iPhone 5s running 12.5.7 and jailbroken by way of the semi-untethered Chimera jailbreak, shows @wh1te4ever proving that the iPhone is in a non-jailbroken state after jailbreak apps simply crash when attempting to launch them.
Then, with a quick launch of the Safari web browser to a page containing a button that triggers the WebKit exploit on demand, the security researcher taps on a “pwn” button to instantly re-jailbreak their device. A pop-up appears, after which the user begins launching jailbreak apps again, proving the success to the tool.
According to the post, the proof-of-concept only supports the above device and firmware combination at this time, so it would need to be updated to support more device and firmware combinations. Another worthwhile note is that @wh1te4ever says there are still “many issues that need to be fixed,” without getting into the details.
While there aren’t a lot of people using iOS 12 these days, it’s certainly a lot more common than the likes of all the older legacy firmware jailbreaks we’ve been witnessing as of late, such as the recently released Aquila untethered jailbreak for iOS 6. With that in mind, this has the potential to be used if ever released.
WebKit exploits have been used to make jailbreaks in the paste (remember the JailbreakMe website-based jailbreak?) but this is the first time I can remember someone using a WebKit exploit to create a re-jailbreaking utility for existing semi-untethered jailbreaks.
It’s an interesting concept, as semi-untethered jailbreaks can simply initiate a re-jailbreak from the jailbreak app post-reboot, but when those apps become unsigned, the WebKit-based re-jailbreak tool keeps working while the unsigned jailbreak app stops working until re-signed again.
There’s currently no ETA for when @wh1te4ever might finish this project, and it remains to be seen if it will ever be released to the public. Should any of these details become apparent, we will let our readers know.
