KASLR bypass achieved on iOS 11.2.6

After successfully hacking iOS 11.1.2, researchers have turned their attention to iOS 11.2. A new tool now bypasses KASLR (kernel address space layout randomization) on iOS 11.2.6 firmware.

KASLR is no longer a hurdle in iOS 11.2.6

The extra_recipe_extra_bug tool successfully bypasses KASLR, one of Apple's most important kernel protections. It was developed by Norwegian security researcher John Åkerblom.

The affected kernel function was supposed to add a particular value twice.

Instead, Apple's engineers added an unverified value to the function, and the resulting miscalculation produces a heap overflow. That overflow is the bug this tool exploits.

As its name suggests, extra_recipe_extra_bug is an extension of the original extra_recipe jailbreak by Xerub.

extra_recipe jailbreak

This tool should not be confused with the original extra_recipe, which was a full jailbreak.

For the uninitiated, extra_recipe was developed for iOS 10 through 10.1.1 and was touted as a better alternative to mach_portal.

Surprisingly, the original code is still useful even on a modern version like iOS 11.2.6.

You can download the Xcode project below and take it for a test drive (only if you know what you are doing).

Download extra_recipe_extra_bug

Can this lead to a jailbreak?

While a KASLR bypass alone cannot produce a jailbreak, it is one of the components a full jailbreak tool needs.

With that said, a functional KASLR bypass lays the groundwork for future exploitation of iOS 11.2.6 and older versions.

Once a kernel exploit gets released publicly, developing a jailbreak will definitely become easier.


If you are currently on iOS 11.2.6 or below, sit tight: a jailbreak or nonce-setter tool may not be as far away as it seems.
