Stefan Esser (aka i0n1c), the hacker behind the iOS 7.1.1 jailbreak, has explained how he managed to jailbreak his iPhone.
According to i0n1c, his jailbreak relies on a new kernel bug. This vulnerability differs from those used in earlier jailbreaks in that it can be triggered from within an ordinary sandboxed app, with no prior privilege escalation.
Here’s what he points out in his blog (via iClarified):
This means that the exploit code can be used to break out of any application that you exploit. This is very different from nearly all of the kernel vulnerabilities used in iOS jailbreaks since iOS 4.
In case you missed it, on Sunday i0n1c shared a photo of a jailbroken iPhone 5c running iOS 7.1.1 with Cydia installed. Another hacker, Winocm, posted a video showing a jailbroken iPhone 4.
The jailbreak has not yet been released. I think we should wait for a while.
Good news for all jailbreakers -- iOS 7.1.1 has been jailbroken. According to an image shared by well-known security researcher Stefan Esser (aka i0n1c), devices running iOS 7.1.1 can be jailbroken.
The image shows an iPhone 5c running Cydia 1.1.9. Here’s what the hacker says about the jailbreak (via iClarified):
That iOS 7.1.1 jailbreak is not based on a long vulnerability chain. It uses a single beautiful kernel bug that goes from mobile to kernel.
A couple of minutes after i0n1c, another hacker -- Winocm -- posted a video of a jailbroken iPhone 4 running iOS 7.1.1. You can take a look at the clip below.
https://youtu.be/5ApOhqiSZa0
The hacker claims that this jailbreak will work on other devices if ‘you put in the effort’.
I don’t know if the jailbreak for iOS 7.1.1 will become public or not. Anyway, let’s hope for the best.
Last month, chpwn revealed that his jailbreak would be reserved as a "failbreak": it will be limited to jailbreak developers and won’t be released to the public. Keeping it private lets developers work on the new firmware and find the exploits that will eventually be used for a public release.
Well-known hacker chpwn has already jailbroken the iPhone 5! He posted several photos on Twitter. The pictures show an iPhone 5 running iOS 6 with Cydia installed and the Cydia home page open. Take a look:
PwnageTool 5.1.1 lets you create custom firmware that preserves the baseband (modem) version, which is required to keep an ultrasn0w or Gevey unlock. PwnageTool 5.1.1 supports all A4 and earlier devices:
iPhone 3GS
iPhone 4
iPad 1
iPod Touch 3G
iPod Touch 4G
Apple TV 2G
You can download RedSn0w 0.9.12b1 here and PwnageTool 5.1.1 here.
iOS 5.1.1 untethered jailbreak tutorial using Redsn0w is available here.
RedSn0w
redsn0w allows owners of A4+earlier devices to install rocky-racoon two different ways:
backup/restore method similar to Absinthe and cinject
its traditional limera1n-based ramdisk install. If you have a lot of media on your A4 device (music, movies, TV shows, etc.), then the ramdisk method is preferred because it avoids any possibility of later problems related to syncing to iCloud (including Photo Stream and Music Match). The ramdisk method is not available for A5 devices or later because limera1n can’t be used. If you’d like to use redsn0w’s ramdisk method, just be sure to put the A4 device in DFU or Recovery mode before starting redsn0w (otherwise it will immediately start to use the backup/restore method).
We’ve also added a new redsn0w feature specifically for those who got in on the SAM unlock: you can now include your SAM tickets as part of your initial ramdisk jailbreak of an iPhone 4 or earlier, or alternatively you can upload your SAM tickets to any device after it’s been jailbroken. redsn0w accepts either the individual SAM activation ticket plist file, or the entire zip file created by redsn0w’s “Backup” button. As usual, redsn0w continues to cover all of its previous jailbreaks and untethers (so redsn0w-0.9.12b1 covers everything from 5.1.1 all the way back to 4.1).
PwnageTool
PwnageTool also avoids any possible sync issues, but again it applies only to A4+earlier devices. If you unlock your iPhone with ultrasn0w or a commercial method, you must use PwnageTool to avoid updating your baseband otherwise you’ll lose the unlock. PwnageTool will also jailbreak+untether the AppleTV2,1 5.0_2B206f (unless you customize the IPSW further, you’ll have just basic SSH access to the device).
Although the iPhone Dev-Team already announced their own jailbreak of the device earlier today, they did not specify whether their jailbreak was tethered or untethered.
I0n1c’s jailbreak will likely work on all iOS 5.1 devices, including the iPhone 4S, if it is released. Earlier this week he posted images of a jailbroken iPad 2 on iOS 5.1.
UPDATE: I0n1c posted a YouTube video to show the jailbreak:
Well-known hacker I0n1c has just announced a successful jailbreak of iOS 5.1 on the iPad 2. He posted several proof pictures on Twitter.
There are no details yet and no release dates for any tools, and no word on whether this jailbreak is untethered.
The exploit is probably in the OS itself rather than device-specific, so it might be used for an iPad 3 jailbreak as well. I0n1c hints, “Anyway so maybe the iPad 3 will not be jailbroken tomorrow, but on Monday or whenever I get my iPad 3.”