Luca the fake strikes again!

nick maddinson · May 28, 2016

JailbreakMe like Safari-based iOS 9.3.2 Jailbreak Demoed

JailbreakMe by Comex was one of the easiest ways to jailbreak your iPhone, iPad or iPod touch. All you had to do was use Safari to jailbreak your device.Fast forward to today, and Luca Todesco aka qwertyoruiop, the talented Italian hacker who has been teasing us by showing off a jailbreak for iOS 9.3 while it was in beta, has just released another video, which shows he can successfully jailbreak an iPhone running iOS 9.3.2 using Mobile Safari.

Todesco has clarified that “stashing is disabled, that’s why Cydia doesn’t prep filesystems”.

Unfortunately, we don’t expect him to release a jailbreak. It does give us hope that jailbreak teams like Pangu or TaiG can figure out a way to jailbreak iOS 9.3.2 using Mobile Safari.

The latest iOS version that can be jailbroken currently is iOS 9.1. Back in October, Pangu Team released a new version of their popular Pangu Jailbreak tool to jailbreak iOS 9 – iOS 9.0.2. Apple responded quickly to kill the Pangu Jailbreak by releasing iOS 9.1, which patched several vulnerabilities used by the jailbreak tool. It continued patching some more exploits in iOS 9.2 and iOS 9.2.1 used in the Pangu Jailbreak. But Pangu team responded recently, by releasing a new version of their Pangu Jailbreak tool to jailbreak iOS 9.1. Unfortunately, it doesn’t work with iOS 9.2, iOS 9.2.1, iOS 9.3, iOS 9.3.1 or iOS 9.3.2.

Updated May 28, 2016 by nick maddinson

AnotherLurker · May 28, 2016

1. Luca isn't fake

2. Apple didn't "respond quickly" to fix the Pangu jailbreak in iOS 9.1, it was already patched in iOS 9.1 beta, which prompted Pangu to release the jailbreak.

TwiiX · May 28, 2016

1. Luca isn't fake

2. Apple didn't "respond quickly" to fix the Pangu jailbreak in iOS 9.1, it was already patched in iOS 9.1 beta, which prompted Pangu to release the jailbreak.

Pretty much is fake or he would have communicated with teams like pangu & Taig to get a jailbreak released. Anyone in my eyes that "posts and brags" about a jailbreak they apparently have but won't give it to the community is a fake.

gone123 · May 28, 2016

Pretty much is fake or he would have communicated with teams like pangu & Taig to get a jailbreak released. Anyone in my eyes that "posts and brags" about a jailbreak they apparently have but won't give it to the community is a fake.

Lucas is not a fake..... There are some videos explaining why he didn't communicate with jb teams

nick maddinson · May 28, 2016

1. Luca isn't fake

2. Apple didn't "respond quickly" to fix the Pangu jailbreak in iOS 9.1, it was already patched in iOS 9.1 beta, which prompted Pangu to release the jailbreak.

Lucas is not a fake..... There are some videos explaining why he didn't communicate with jb teams

Why can't he share the exploits with Pangu or Taig as he ain't going to release it. But it might help them to provide us with a jail-beak for us.

Pretty much is fake or he would have communicated with teams like pangu & Taig to get a jailbreak released. Anyone in my eyes that "posts and brags" about a jailbreak they apparently have but won't give it to the community is a fake.

That's because this is is a failbreak meaning you need access to a developer account so it isn't releasable

Pangu and taig most likely have a jailbreak ready to go just they don't want to release it yet as Apple have always got a iOS version in beta meaning after a week the exploit would be fixed. When apple stops with the iOS 9 betas and focuses on iOS 10 that's when we will most likely see a jailbreak for all iOS 9 versions.when the iOS 10 betas are released we won't see anymore for 9 and probably won't have anymore iOS 9 versions so around June July would be the best time to release a public jailbreak

Updated May 28, 2016 by nick maddinson

gone123 · May 28, 2016

Why can't he share the exploits with Pangu or Taig as he ain't going to release it. But it might help them to provide us with a jail-beak for us.[/size]

That's because this is is a failbreak meaning you need access to a developer account so it isn't releasable [/size]

Pangu and taig most likely have a jailbreak ready to go just they don't want to release it yet as Apple have always got a iOS version in beta meaning after a week the exploit would be fixed. When apple stops with the iOS 9 betas and focuses on iOS 10 that's when we will most likely see a jailbreak for all iOS 9 versions.when the iOS 10 betas are released we won't see anymore for 9 and probably won't have anymore iOS 9 versions so around June July would be the best time to release a public jailbreak[/size][/size]

Exactly well explained

nick maddinson · May 28, 2016

Exactly well explained

The exploit that he is using is publicly available. It is the same that is currently used to crash the ps4 web browser which could lead to a potential ps4 jailbreak on the latest firmware.

Everyone can try it on their iOS devices and you will see that safari will not be able to load the page (tab will crash), where other browsers like chrome will not have a problem with that. Here it is:

https://github.com/WebKit/webkit/commit/98845d940e30529098eea7e496af02e14301c704

After the crash he probably partialy used some of the old jailbreakMe code to do the actual jailbreak and install cydia which is also publicly available:

https://github.com/comex/star_

Since it is already available for public, it will be fixed for 100% in the next iOS release, so hopefully someone skilled will release this jailbreak soon as long as iOS 9.3.2 is still signed or another exploit will be wasted.

May 28, 2016

Pretty much is fake or he would have communicated with teams like pangu & Taig to get a jailbreak released. Anyone in my eyes that "posts and brags" about a jailbreak they apparently have but won't give it to the community is a fake.

That's the dumbest thing I have ever heard...

Rook · May 28, 2016

He never claims to release a jailbreak. He's just a researcher.

nick maddinson · May 29, 2016

That's the dumbest thing I have ever heard...

He never claims to release a jailbreak. He's just a researcher.

do you remember the

ZERODIUM - The Million Dollar iOS9 Bug Bounty

this was similar to the safari exploit that luca used

so it wasn't luca who found it initially , but the jailbreak team who gave the exploit to zerodium , maybe luca is giving a clue to taig or pangu to find a safari exploit using his video , i got to know something by watching this video which explains everything :

The fact that they're offering $1M for someone to develop the breach should make you feel very good about the overall security of the system... if it was easy nobody would pay $1M for it.