Stefan Esser, a hacker known as i0n1c, has posted an explanation of how his jailbreak of iOS 7.1.1 works.
The jailbreak, which has not yet been released, is unique in that it uses a kernel bug which is hidden inside functionality that can be easily reached, even from within the iOS application sandbox.
This means that the exploit code can be used to break out of any application that you exploit. This is very different from nearly all of the kernel vulnerabilities used in iOS jailbreaks since iOS 4. There have been only 2 publicly disclosed vulnerabilities that had this power. The first has been used in comex's JailbreakMe3 and the other one is the posix_spawn() vulnerability disclosed by SektionEins during SyScan 2013 and later used by the jailbreak community in the p0sixpwn jailbreak.
Potential initial injection vectors for such an exploit are: ● exploit against an internal app like MobileSafari ● exploit against any vulnerable app from the AppStore ● exploit from within a developer/enterprise app
I0n1c says it is quite easy to deliver this exploit, especially because backed up applications do not go away and can be re-exploited in the future. He plans to show 'some instance' of this within the 'next weeks'.
The hacker also noted that with a jailbroken iOS 7.1.1 device it was possible to discover that the stack_guard stack canary vulnerability publicly disclosed in April 2013 is still unfixed in the latest iOS (and also Mac OSX) versions.
The bug in question allows a local attacker to call a target executable in a way that he controls the value of the stack_guard stack canary that is used to stop stack buffer overflow vulnerabilities from being exploitable. This vulnerability therefore renders the stack canary mitigation in iOS useless against local attackers. For iOS this means that local attacks (persistence/untethering) that rely on stack buffer overflows are suddenly exploitable again or easier to exploit, because the attacker can control the value of the stack_guard.
Check out the link below for more details or please follow iClarified on Twitter, Facebook, or RSS for any updates on the jailbreak's potential release.
Got my iPhone 4 jb on iOS 7.1.1 with Geeksn0w.
But its semitethered amd for iPhone 4 only.
However, its successful in jailbreaking iPhone 4 on iOS 7.1.1.
Plz make ur jb solution available to public for their benefit.
I apreciate them saving this for ios 8 so that apple wont be able to patch it but at the same time im pissed because my ios 7.0.4 crashed when i deleted some iad file and now im forced to update to 7.1.1 >.< i wish there could be some type of private beta for the jailbreak on 7.1.1 ;)
Wishful thinking i guess
This information is quite useful for Apple to get knowledge of an big exploit in the Kernel,but also the Hackers do so what is more important surely for himself to show his skills. But it seems to be a big hint for everybody involved. The question is will there be another exploit saved for iOS 8 or will someone skilled give the jb to us? Come on and give us release! Until then put the balls back ;)
Whats up talks about iOS 8.. how about first 7.2, 7.2.1, 7.3, 7.3.1, 7.3.2, 7.4, 7.4.1., 7.4.2, 7.5, 7.5.1, 7.6, 7.7, 7.7.1, 7.8, 7.9.1, 7.9.2, 7.9.3, 7.9.4, 7.9.5..... and then bugy iOS 8.0 and quickly after that 8.0.1.
why wait til ios 8, remember they are making a new A8 chip/processor so it may even be a little harder an time before you could really release a jailbreak for ios 8, I guess, I'm just saying crazy things here. just wondering if there will be any jailbreak release for 7.1.1.
I want to JB so I can use a bluetooth app to print to a Poloraid POGO; airblue is the app. I haven't really needed JB/unlock since tmobile became a blessed provider. However, I may need to go back to JB.
So, is 5/7.1.1 JB working? Is this a confirmation?
I have to disagree with you, politely. There are a lot of great reasons to jailbreak. Some of the indie developers that you find on Cydia are absolute genius in their implementations of their ideas. Usually these ideas are then stolen by Apple and implemented in later iOS versions, but they are poor measures compared to the original. I do agree with your point though that there are a lot of people out there that just want to make $30 to do exploit other people's hard work, but you'll find that everywhere around the world. The whole world is dependant on Geo-Political exploitation of certain people. That doesn't make it right, but it is prevalent in our society as a whole.
So now u have told Apple what to look for and block in ios8 u may aswell release jb for ios7.1.1 cause Apple will deffo find and block this voneribility for sure now !
a Question to the developers/coders... My apologies if it's a silly question. But, what's the chances of this exploit being used to get the ATV3 jailbroken?
So does this mean there could be a potential bootrom exploit for A7 and below? via stack_guard vuln.? or is it just another useable exploit that can be used until apple fixes it?
(fingers crossed for bootrom - tethered JB is always better than no JB)
![Apple to Revamp Calculator App for macOS 15 [Rumor]](/images/news/93368/93368/93368-160.jpg "Apple to Revamp Calculator App for macOS 15 [Rumor]")
![New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]](/images/news/93314/93314/93314-160.jpg "New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]")
![Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]](/images/news/93302/93302/93302-160.jpg "Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]")
![AirPods Pro 2 With USB-C On Sale for $189! [Deal]](/images/news/92932/92932/92932-160.jpg "AirPods Pro 2 With USB-C On Sale for $189! [Deal]")
![iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]](/images/news/93207/93207/93207-160.jpg "iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]")
