Just yesterday, we reported that hacking guru tihmstar was tinkering with an exploit targeting a subset of iOS 11.4 and 11.4.1 devices that sported headphone jacks. At the time, tihmstar only had kernel read access but was still working on kernel offsets and write access.
Tfp0 (task_for_pid(0)) is fundamentally a kernel task port that permits arbitrary reads and writes to the device’s kernel memory, which makes it central to jailbreak development. As you might recall, the exploit Ian Beer released that facilitated the iOS 11 jailbreak was of the tfp0 variety.
We can gather from tihmstar’s Tweet that the exploit is nearly complete, but some cleanup remains to prevent unwanted kernel panics. What’s more, hacker and unc0ver lead developer Pwn20wnd replied to the Tweet with interest in implementing tihmstar’s new exploit in a future unc0ver update.
Pwn20wnd confirmed this again in a post made on /r/jailbreak:
There’s no official word yet concerning whether Electra will adopt support.
While this is potentially good news for folks who might be waiting on iOS 11.4 or 11.4.1 for a jailbreak, it’s worth noting that tihmstar’s exploit only works on handsets with a headphone jack. This caveat means that some devices, such as those powered by Apple’s A10 and A11 chips, aren’t supported.
Devices powered by Apple’s A10 chip include the iPhone 7, iPhone 7 Plus, and 2018 iPad models, while devices powered by Apple’s A11 chip include the iPhone 8, iPhone 8 Plus, and iPhone X. A12-powered devices don’t support iOS 11 at all, excluding them from consideration entirely.
Those using iOS 12 instead of iOS 11.4 or 11.4.1 must continue waiting for a public jailbreak. While there’ve been several captivating iOS 12-centric exploit announcements in recent memory, there is no official word of anyone working on an iOS 12 jailbreak as of yet.
As prominent members of the jailbreak community have expressed previously, anyone eager to jailbreak should stay on the lowest possible firmware instead of installing Apple’s frequent firmware updates. Updates tend to patch the vulnerabilities hackers use to achieve a working jailbreak, and installing them makes exploiting your device more challenging (this is good or bad, depending on how you look at it).
At the time of this writing, Electra and unc0ver continue to be the latest public jailbreak tools available, and both support iOS 11.0-11.4 beta 3.
Are you excited about tihmstar’s new exploit? Discuss in the comments below.