Wed. Aug 4th, 2021
iOS 14.5, iOS 14.5.1 and iOS 14.6 Safari Jailbreak (WebKit Jailbreak) - All you need to know

It’s no secret that as of today, 06/13/2021, there’s currently no iOS 14.6, iOS 14.5.1, or iOS 14.5 jailbreak available for the A12, A13, and A14 devices, but one is already being worked on actively by the Manticore Team.

They’re working on a neat jailbreak based on a WebKit vulnerability that was seemingly fixed in iOS 14.6, but not really. Using this WebKit vulnerability they’re building a Safari-based jailbreak which you will be able to activate directly from your Safari browser, without any computer, any IPA file to sign, or any AltStore to keep running.

We did have this kind of jailbreak before, but nowadays they’re a rare sight to see.

IMPORTANT: If you have an iPhone X or older, you can already jailbreak iOS 14.6, iOS 14.5.1, iOS 14.5, and even iOS 14.4 with this guide.
For the newer devices, read on.

What is PwnMy Jailbreak?

PwnMy is a WebKit / Safari-based jailbreak for iOS 14.5 and newer currently being developed (WIP) by Manticore Team. The Jailbreak uses a WebKit exploit to run directly from Safari on the user’s phone. No computer needed at all, and no re-signing.

The tool is work-in-progress, and completely open-source on the PwnMy GitHub Repository.

In this video you can learn more about what Pwn-My Jailbreak is and what it does:

Are WebKit / Safari-based Jailbreaks better than IPA Jailbreaks?

Arguably, yes. As I mentioned before, a safari-based jailbreak is nothing but a website. You navigate to it in Safari on your phone, and you tap on the “Jailbreak” button. Your iOS device gets jailbroken in a few seconds straight from the browser, no IPA, no re-signing.

This obviously has the advantage of being extremely convenient, but it also means that if a malicious party builds a website that exploits the same WebKit vulnerability for their purposes, you wouldn’t even know your device got pwned while accessing such a website.



So while these jailbreaks can be very great, they can also be dangerous if you access shady websites while staying on a vulnerable iOS version. It’s a double-edged sword, but the risk shouldn’t be that big if you pay attention to what websites you visit.

Can iOS 14.4, iOS 14.4.1, and iOS 14.4.2 be jailbroken?

Yes. They are not jailbreak-proof, and in fact, the security content of iOS 14.5 reveals a ton of patches which means that iOS 14.4 to iOS 14.4.2 is indeed very vulnerable.

While there isn’t any kernel exploit currently available publicly, there are many kernel vulnerabilities that will start getting released by their respective finders in the upcoming weeks.

Once a good enough kernel vulnerability is released by a security researcher or a team such as the Google Project Zero group, jailbreak developers like Pwn20wnd, RPwnage, and Coolstar can gather their teams and start working on updating their tools.

Unc0ver Jailbreak, Taurine, Manticore Jailbreak, all of them can be jailbroken once a kernel exploit is released.

Will iOS 14.4, iOS 14.4.1, and iOS 14.4.2 work with the WebKit Jailbreak by Manticore Team?

Not by default. The Manticore Team uses a WebKit vulnerability in AudioWorklet, which hasn’t been introduced to iOS until iOS 14.5. So the initial Manticore Jailbreak that will work from Safari, called PwnMy Jailbreak, will support iOS 14.5 and newer.

Of course, nothing stops Manticore Team from using other WebKit vulnerabilities that would work on iOS 14.4 and iOS 14.4.2 if they wanna make their tool backward compatible.

What is needed for a full WebKit Jailbreak for iOS 14.5+?

For PwnMy jailbreak to reach a complete stage where it’s completely useful, we would need a kernel exploit for iOS 14.5, iOS 14.5.1, and iOS 14.6.

While the iOS 14.6 one may take a few months to come, given that iOS 14.6 is currently the latest version, the iOS 14.5.1 and iOS 14.5 ones may not be very far. Once patched, these vulnerabilities have little to no value so many security researchers publish write-ups with proof of concept code for the vulnerability that we can use for jailbreak purposes.

Once a kernel exploit is released, the Manticore Team can piece it together with the WebKit exploit so that truly no-computer jailbreak will exist.

Will Unc0ver or Taurine ever get a Safari-jailbreak version?

Nothing stops Pwn20wnd or Coolstar from updating Unc0ver and Taurine once a kernel exploit is released, but it’s very likely that their jailbreaks will require a major rewrite to work from the browser. Their tools are built around the IPA / iOS native Application model, which is far different from an HTML + Javascript website which would be a Safari-Jailbreak.

So while they can do it, and chances are they will at some point, it will not be as easy as dropping the new WebKit exploit file in the Unc0ver source code. Many parts need a full rework to be adapted for JS deployment.

Manticore Team has a headstart here because they already started thinking about their tool when the WebKit exploit was released. Planning ahead makes things faster when a kernel exploit is out.

Is iOS 14.6 impossible to jailbreak?

No, not at all. Yes, it will take time, because iOS 14.6 is currently the latest signed version at the time I am writing this, so nobody will release an exploit right now as it would be 0-day (very expensive exploits). Once iOS 14.6 is no longer signed and it is replaced by iOS 14.7, all patched vulnerabilities can be released and the cycle repeats itself.

No iOS version is truly impossible to jailbreak.

By GeoSn0w

An iOS and Jailbreak enthusiast who has been around for quite some time in the community. I've developed my own jailbreaks before and I am currently maintaining iSecureOS, one of the first iOS Anti-Malware tools for jailbroken devices. I also run iDevice Central on YouTube with over 133.000 Subscribers! Thank you for being part of this awesome community.

Have comments? :-)