Exploits Untethered: iOS 9 Jailbreak Demoed In A New YouTube Video

We are nearing the iOS 9 public launch on September 16 and there is still no iOS 8.4.1 jailbreak, although the Chinese Pangu team has uncovered vulnerabilities in 8.4.1 that have since been patched in iOS 9. Now the well-known iOS hacker “iH8sn0w” has published a new YouTube video showing how he managed an untethered iOS 9 jailbreak. Details below!

He has posted a video showing the jailbreak working on the final iOS 9 GM build, which Apple released at its iPhone 6s media event yesterday. Prominent developer iH8sn0w, previously responsible for patching tools such as Sn0wbreeze and P0sixspwn, released the video demonstrating an untethered jailbreak on the latest iOS 9 platform through his personal YouTube channel; it comes in at just over three minutes long.

As we have come to expect from the jailbreak community, the necessary vulnerabilities and tools to jailbreak a device have surfaced quickly. The video acts as proof of the claim, showing off a fully untethered jailbreak featuring verbose booting, custom boot logos, and code injection.

Here’s a video of it in action:

With that said, it seems that iH8sn0w has managed to get to grips with the new security measures within iOS 9, or the lack of them, and bypass them in almost record time. Here is what the developer had to say alongside the video about his research into the platform, his achievements, and his findings:

Worth noting, iOS 9+ arm64 iDevices now enforce a checksum on __TEXT/DATA.const regions of the kernel through the use of TrustZone. Modifying said sections will cause the device to panic (either at kernel or EL3 will force a reboot if the kernel refused to gracefully panic). Essentially, it’s KPP (Kernel Patch Protection). You can race it though if you want to play with things. Just be quick! ;P

Also, there should technically now be two additional partitions (baseband_data [s1s3] and logs [s1s4]) but I didn’t really bother with those as they weren’t critical.

If this holds up once the public release of iOS 9 rolls out, it is highly likely that the same tactics used to produce the untethered jailbreak in this video will be able to afford the same grace to end users when iOS 9 is finally released.
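To make the KPP behaviour the developer describes concrete, here is a small added model of a kernel-text integrity check (constructed for this post, not Apple's or iH8sn0w's code): a digest of a read-only region is recorded at boot and re-checked later, so a persistent modification is caught, while a modification that is reverted before the next check is invisible to it, which is the window the developer refers to as "racing" KPP. The region contents, the FNV-1a digest and the check interface are all assumptions; the real monitor runs at EL3 and its algorithm is not on the page.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a kernel __TEXT / DATA.const region. */
#define REGION_SIZE 64
static uint8_t kernel_text[REGION_SIZE];

/* FNV-1a digest over the region (assumed algorithm; the real one is not on the page). */
static uint64_t region_digest(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

struct monitor {
    uint64_t expected;  /* digest recorded at boot, before untrusted code runs */
    int panicked;       /* set once a mismatch is observed: the device would panic/reboot */
};

static void monitor_init(struct monitor *m) {
    m->expected = region_digest(kernel_text, REGION_SIZE);
    m->panicked = 0;
}

/* The periodic/triggered check: returns 1 if the region no longer matches. */
static int monitor_check(struct monitor *m) {
    if (region_digest(kernel_text, REGION_SIZE) != m->expected)
        m->panicked = 1;
    return m->panicked;
}

/* Scenario 1: a byte is patched and left in place, so the next check detects it. */
int scenario_persistent_patch(void) {
    struct monitor m;
    memset(kernel_text, 0xAA, REGION_SIZE);  /* constructed region contents */
    monitor_init(&m);
    kernel_text[8] = 0x55;                   /* modification stays resident */
    return monitor_check(&m);                /* 1: detected */
}

/* Scenario 2: the byte is patched and restored before the check runs, so
 * the digest matches again and the check sees nothing (the race window). */
int scenario_transient_patch(void) {
    struct monitor m;
    memset(kernel_text, 0xAA, REGION_SIZE);
    monitor_init(&m);
    uint8_t saved = kernel_text[8];
    kernel_text[8] = 0x55;                   /* transient modification */
    kernel_text[8] = saved;                  /* restored before the check */
    return monitor_check(&m);                /* 0: not detected */
}
```

The second scenario is why a check that samples the region, rather than enforcing write protection at the point of the write, leaves a window between checks.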
