Adam Donenfeld discovers a heap overflow vulnerability in iOS 11.2.2

iOS 11.1.2 already has a jailbreak and developers are making solid progress on iOS 11.2-11.2.2. Here’s yet another vulnerability that Israeli hacker Adam Donenfeld discovered today.

Adam finds a heap overflow bug in iOS 11

Renowned security researcher Adam Donenfeld just discovered a new vulnerability in iOS 11. It is present in the heap area of the iOS kernel.

According to Adam, this bug is one of the most “hidden” vulnerabilities in iOS.

He also mentioned that developers can weaponize it using Jonathan Levin’s QiLin toolkit, a jailbreak development framework for iOS.

Here’s what the pro-hacker posted on Twitter.

Adam reported this bug to Apple and they promptly fixed it in iOS 11.2.5 firmware.

This means the bug is useful only to those who are still on iOS 11.2.2 or earlier versions, all of which are now unsigned.

Will Adam make this bug public?

As of now, Adam hasn’t given any release date or ETA. He did, however, tweet that he would like to present it at a hacking conference.

The hacker also remarked that he didn’t work on an exploit based on it. Now it’s up to other hackers to prepare an exploit with it.

For the uninitiated, Adam has a history of helping jailbreak developers and making exploits public. He made public the triple_fetch exploit for iOS 10 a while back.

Can this lead to an iOS 11.2.2 jailbreak?

This vulnerability alone can’t lead to an iOS 11.2.2 jailbreak tool. However, it can lead to any of the following:

  • Nonce setter tool for iOS 11.2-11.2.2. This will allow users to go back to iOS 11.1.2, which is compatible with Electra.
  • Jailbreak tool for iOS 11.2-11.2.2, when combined with other powerful exploits.

Zimperium zLabs also intends to make public an iOS 11.2.x exploit in the near future. Therefore, it makes sense to stay on this version. We have truly interesting times ahead of us!
