Hacker Qixun Zhao of the Qihoo 360 Vulcan Team (also known as @S0rryMybad) has released a remote jailbreak PoC (proof of concept) for iOS 12.0 - iOS 12.1.1.
Zhao demonstrated the exploit on the iPhone X at the Tianfu Cup competition back in November.
Successful exploit again! #360Security gained full access to iPhoneX through a type confusion jit bug in #Safari and a UaF bug in iOS #kernel. It's the #first iPhone #jailbreak record in pwn contest in the world, winning the highest reward of #TianfuCup.
In a post about Stage 2 of the exploit chain, Zhao describes a kernel vulnerability, named Chaos, that can be directly reached from the sandbox.
In this article, I will release the PoC of Chaos and will elaborate in detail (for beginners) on how to get the tfp0 exploit details on A12. However, I will not release the exploit code; if you want to jailbreak, you will need to complete the exploit code yourself or wait for the jailbreak community's release. At the same time, I will not mention the exploit details of the post exploit, as this is handled by the jailbreak community.
We're hopeful that a member of the jailbreak community will expand on Zhao's work and turn the PoC into a public jailbreak. Please follow iClarified on Twitter, Facebook, or RSS for updates and hit the link below for an in-depth explanation of the exploit.
Read More