When will an iOS 10 jailbreak release? Here’s everything we know so far ...
It’s that time of year again. The time when jailbreak fans begin to wonder, “When will the next jailbreak release?” While iOS 10 has been out less than a month, signs that researchers were working on a jailbreak for Apple’s latest operating system began showing up as early as this summer, while the software was still in beta. Meanwhile, claims of a working iOS 10 jailbreak were seen on Twitter just five days after iOS 10 was released to the public.
Despite these small glimmers of hope, there has been no clear indication that a public iOS 10 jailbreak is anywhere near releasing.
As I usually do around this time of year, I’ve decided to take a few moments to talk with active members of the iOS jailbreak development community and find out what the status of the iOS 10 jailbreak release might be, and what hurdles currently stand in the way. I reached out to both Luca Todesco (a.k.a @qwertyoruiopz) and jailbreaking godfather, Jay Freeman (a.k.a Saurik) for insight. Here’s what they had to share.
Question #1: Is a public iOS 10 jailbreak currently in the works?
The answer from both of these guys was, emphatically, "yes." As Luca was the first legitimate jailbreak developer to showcase a “working” iOS 10 jailbreak, clearly he’s interested. I spoke to Luca Sunday and he shared that he's currently focusing his research on changes to Kernel Patch Protection (KPP) and the more rigorous memory protection system found in the iPhone 7. If he can find a way to create a public jailbreak, he will. He’s even expressed interest in finding possible methods of delivering an iOS 10 jailbreak via Safari.
“I plan on doing Safari research at some point,” Todesco told iDigitalTimes, “but right now I’m all about KPP/iPhone 7 memory protections.”
Outside of the efforts by Todesco, it’s safe to say that the Pangu team, the developers of the last several public jailbreaks, are still actively researching iOS 10 as well. At Mosec 2016, a Beijing-based security conference that took place in July, Pangu demonstrated a working iOS 10 beta 1 jailbreak. Unfortunately, the vulnerabilities used in that demo were patched in iOS 10 beta 2, which prompted the release of the semi-tethered iOS 9.3.3 jailbreak. The team hasn’t provided any recent updates on their progress, but it’s a safe bet that they are still actively working on an iOS 10 jailbreak.
Question #2: If Luca Todesco has a working jailbreak, why hasn’t he released it?
So this is something a lot of people are probably wondering since Todesco did showcase a video of a working iOS 10 jailbreak just five days after the software released to the public. While the jailbreak is technically “working,” it’s important for the rest of us to understand that it doesn’t necessarily mean the jailbreak is ready for public consumption. Sometimes jailbreaks are demoed using developer-only stuff, meaning, you couldn’t use the same techniques if you weren’t a developer. On the other hand, it’s possible Todesco has a partially working or even a semi-tethered jailbreak, but that he’s holding back while looking for a smoother or more effective way to jailbreak iOS 10.
According to Jay Freeman (a.k.a. Saurik), this was actually the type of situation that occurred when Pangu decided to release the semi-tethered iOS 9.3.3 jailbreak.
“I have no clue how long [Pangu] was sitting on that kernel bug [for iOS 9.3.3],” Freeman told iDigitalTimes. “Essentially jailbreak releases go like this: you sit around trying to find bugs until you find a full stack, and then you look at Apple's release timing and see when it might make sense to push a public jailbreak (for example, if you are on iOS 10 beta 5, often you will wait until iOS 10 to arrive before you release your exploits) … in the case of the iOS 9.3.3 jailbreak, once it was clear that Apple had fixed the bug, and given that this bug was a rare kind of bug, they figured they might as well release. In that case, if Pangu had actually had a full jailbreak, I believe they would have released it much earlier.”
Question #3: Are there any new players or teams on the jailbreak scene?
Personally, I haven’t seen any evidence of new jailbreak developers on the scene this cycle, but this doesn’t necessarily mean it couldn’t happen. Speaking with Saurik, he had similar thoughts:
“I have not seen signs of other ‘legitimate efforts’ to jailbreak iOS 10, but that does not mean much.”
Basically, the best thing to do when it comes to being “in the know” about potential jailbreak players, or about when a legitimate new jailbreak has been released, is to follow Saurik's posts on Reddit. He is quite active there and frequently communicates with the jailbreak community this way.
Question #4: What are the big security hurdles to overcome in iOS 10?
As I mentioned before, jailbreak developers are basically in the research stage of development, and there hasn’t been much discussion yet of the changes to iOS 10 security. One change that has been mentioned relates to the iPhone 7 and has to do with memory protections.
According to Saurik, “starting in iOS 9 on ARM 64 devices (iPhone 5S and newer) you can't modify the kernel because there is a memory protection scheme in place that occasionally looks for changes and kills the device if it has been compromised."
Patching the kernel often plays an integral role in creating a jailbreak. If the protections had worked correctly, they would have made jailbreaking iOS 9 much more difficult. These protections, however, only "occasionally" worked, Saurik told iDigitalTimes. “Pangu had seen devices wait hours before bothering to enforce the protection.”
But according to Todesco the iPhone 7 remedies that issue.
heheheh. This new memory protection thing is self-enforcing. As in, every time the CPU wakes from sleep it’s applied again.
The changes to memory protection in the iPhone 7 make it so that regions of kernel memory are now “totally unwritable at the hardware level,” Saurik said.
It’s unclear how much these changes add to the difficulty of making jailbreaks for the iPhone 7. Todesco does seem to suggest on Twitter, however, that the changes have added complexity to making jailbreaks.
It’s obviously more of a pain in the ass on the other hand: racing patches is no longer viable.
— @qwertyoruiop@nso.group (@qwertyoruiopz) September 23, 2016
I asked Todesco if he had come up with a way to defy the new protections but he declined to answer. Based on his comments about focusing on memory protection research, my guess is that he has not.
As more is learned about the development of the iOS 10 jailbreak and when we might expect to see a release, I’ll be sure to provide an update.