Google Security Researcher Ian Beer Releases Exploit for iOS 11.1.2, Could Lead to Public Jailbreak
Posted December 11, 2017 at 11:36pm by iClarified
Ian Beer, a security researcher for Google's Project Zero, has released an exploit for iOS 11.1.2 that could result in a working jailbreak.
Back on December 5th, Beer recommended that users keep a device on iOS 11.1.2 or lower.
If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon.
When Apple released iOS 11.2, five of the vulnerabilities patched were attributed to Beer, including three related to the kernel.
Today Beer released the async_wake exploit, which "gets tfp0 on all 64-bit devices plus an initial PoC local kernel debugger." tfp0 stands for "task for pid 0": the Mach task port of the kernel (pid 0), which grants arbitrary read and write access to kernel memory and is the usual starting point for building a jailbreak.
tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G) but adding more support should be easy
Jonathan Levin, author of Mac OS X and iOS Internals, has already addressed the 'ETA naggers'.
To all wen eta naggers, if it wasn't clear: UPDATE TO iOS 11.1.2 (TvOS 11.1) NOW - that's what @i41nbeer's TFP0 will be for. iOS 11.1 NO LONGER SIGNED BY AAPL. Ian's PoC won't be full JB, but will enable partial (kdata) on [iPhone 7 and higher], and (possibly) full on [iPhone 6s and lower], and it's best you'll get.
We'll be watching closely to see if anyone uses the exploit to release a public jailbreak. Please follow iClarified on Twitter, Facebook, or RSS for updates.