Electra iOS 11.3.1 Jailbreak has been delayed, Here's why

Many people are still waiting for the Electra iOS 11.3.1 jailbreak and are probably asking why the public release of the jailbreak tool is taking so long. If you want to know why, we've got some answers that may satisfy you.

A reddit user called Samg_is_a_Ninja explains why the Electra iOS 11.3.1 jailbreak hasn't been released yet and why it has been delayed.

Ian Beer, the security researcher at Google’s Project Zero, had released two exploits: multi_path (which he calls “mp”) and empty_list (which he calls “el”). The reddit user explains that the first, “mp”, has a greater success rate but requires an Apple Developer account, which costs $99 per year, as it needs a developer certificate. The second, “el”, doesn’t require a developer certificate but has a low success rate. pwn20wnd has made some improvements, but the success rate is still about 1/3, which is still quite low.

The reddit user continues, saying that making an iOS 11.3.1 jailbreak is not so easy, as Apple has added a new security feature which uses “an APFS snapshot over a typical root partition.”
Everyone assumed that it would be fairly easy to recycle the old code from Electra 11.1.X and simply swap out the kernel exploits, replace the async_wake exploit with mp or el. However, after running the new kernel exploits, it was discovered that Apple has added a new security feature: using an APFS snapshot over a typical root partition.
The reddit user goes on to explain the remount problem, and the reason why Electra iOS 11.3.1 jailbreak hasn’t been released so far.
One of the main features of a jailbreak is being able to access the entire filesystem of the device. Think of your device’s filesystem as two toy boxes. One of the boxes is labeled “disk0s1s1” and the other is labeled “disk0s1s2”. disk0s1s2 is the bigger box that contains everything under /var, and is divided into sections, one for each app you have installed (the sandbox), plus some extra space for photos, iBooks, etc. disk0s1s1 is the smaller box, and it contains everything under all the other folders (/Applications, /System, /Library, etc.): the system apps and files needed by the system. Stock iOS has disk0s1s2 mounted as read-write, and lets each app write only to its own sandbox, and all other parts of disk0s1s2 are only writable by the system. disk0s1s1 is only writable during software updates/restores.
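As an added example (not code from the article or from the reddit post), here is a small parser for BSD-style `mount` output that reports whether the disk0s1s1 root volume described above is still mounted read-only, which is the state a jailbreak's remount step changes. The sample lines are constructed, and the `snapshot@device` form used for a root mounted from an APFS snapshot is an assumption, not something the article states:

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in the BSD `mount` format: "device on mountpoint (options)".
# The "name@/dev/..." prefix is an assumed way of showing a root volume mounted from
# an APFS snapshot; it is not taken from the article.
SAMPLE_STOCK = """\
com.apple.os.update-ABC123@/dev/disk0s1s1 on / (apfs, local, read-only, journaled, noatime, nosuid, nodev)
/dev/disk0s1s2 on /private/var (apfs, local, journaled, noatime, nosuid, nodev)
"""

# Same layout after the root volume has been remounted read-write.
SAMPLE_REMOUNTED = """\
/dev/disk0s1s1 on / (apfs, local, journaled, noatime, nosuid, nodev)
/dev/disk0s1s2 on /private/var (apfs, local, journaled, noatime, nosuid, nodev)
"""

MOUNT_RE = re.compile(
    r"^(?:(?P<snap>[^@\s]+)@)?(?P<dev>/dev/\S+) on (?P<mp>\S+) \((?P<opts>[^)]*)\)$"
)

@dataclass
class Mount:
    device: str
    mountpoint: str
    options: tuple
    snapshot: Optional[str]  # snapshot name if the volume is mounted from one

    @property
    def read_only(self) -> bool:
        return "read-only" in self.options

def parse_mount_output(text: str) -> dict:
    """Map each device (e.g. /dev/disk0s1s1) to its parsed Mount entry."""
    mounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MOUNT_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised mount line: {line!r}")
        opts = tuple(o.strip() for o in m.group("opts").split(","))
        mounts[m.group("dev")] = Mount(m.group("dev"), m.group("mp"), opts, m.group("snap"))
    return mounts

def root_remounted_rw(text: str, root_dev: str = "/dev/disk0s1s1") -> bool:
    """True if the system volume is no longer read-only (a remount indicator)."""
    root = parse_mount_output(text).get(root_dev)
    if root is None:
        raise ValueError(f"{root_dev} is not mounted")
    return not root.read_only
```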
The other exciting news is that security nerd Tim Michaud has discovered a vulnerability in the launch daemon, which could even result in an untethered iOS 11.3.1 jailbreak. It is similar to the vulnerability used in the evasi0n jailbreak, which was an untethered jailbreak.

Jailbreakers need to be patient, as we're talking about the most secure operating system in the world, so it probably takes a long time to release a jailbreak for it.

[via reddit]  
