In today's video, we're talking about the latest Jailbreak news in the iOS community. The story is coming from #Zerodium, a software vulnerability broker company that seems to be very interested lately in a fully untethered iOS 12.x remote Jailbreak. Just a few hours ago, Zerodium made headlines when they announced that they're willing to pay up to $2 Million for a complete untethered iOS 12.x remote #Jailbreak. Now, this is pretty worrying news for the jailbreak community, and in this video I go into detail about why.
See, #Zerodium has these very big bounties for all sorts of vulnerabilities, including iOS ones: sandbox escapes, remote code execution, Safari / WebKit vulnerabilities, etc. All of these can be used in a Jailbreak and all of them are desired by Zerodium and other similar companies. The problem is that if a security researcher submits a vulnerability for the bounty, Zerodium will very likely sell it on to its customers, and that vulnerability will likely remain a 0day, which means that it may never be released to the general public.
This poses a threat to the Jailbreak community, which depends greatly on publicly available kernel vulnerabilities and exploits to be able to build the next public iOS Jailbreak. With researchers encouraged to sell their vulnerabilities, the number of public releases may, indeed, get lower over time. Of course, these researchers deserve to be paid for their work like anybody else, so the idea remains: do not update to the latest #iOS version if you wanna Jailbreak. The latest version is always targeted by such 0day companies and therefore it has the fewest public exploits available.
▽ Resources ▽
▶ My previous video about SorryMyBad's tfp0 Kernel vulnerability
▶ NEW iOS 12.0 / 12.1.x UNTETHERED JAILBREAK DEBUNKED | Don't Update to iOS 12.1.2