After hacking iOS 11.1.2 successfully, hackers have turned their sights towards iOS 11.2. Here’s a new tool that successfully bypasses KASLR on iOS 11.2.6 firmware.
KASLR is no longer a hurdle in iOS 11.2.6
The extra_recipe_extra_bug tool successfully bypasses KASLR, Apple’s most feared protective measure. It was developed by Norwegian security researcher John Åkerblom.
Apple was supposed to add a value twice to a function. Instead, Apple engineers passed an unverified value to the function, which results in a heap overflow. This is where this bug works its magic.
As its name suggests, extra_recipe_extra_bug is an extension of the original extra_recipe jailbreak by Xerub.
This bug is not to be confused with the original tool, which was actually a jailbreak.
For the uninitiated, extra_recipe was developed for iOS 10-10.1.1 firmware and was touted as a better alternative to mach_portal.
Surprisingly, the original code is still useful even on a modern version like iOS 11.2.6.
You can download the Xcode project below and take it for a test drive (only if you know what you are doing).
Can this lead to a jailbreak?
While this alone can’t lead to a jailbreak, it is one of the components of a full-blown jailbreak tool.
With that said, a functional KASLR bypass lays the groundwork for future exploitation of iOS 11.2.6 and older versions.
Once a kernel exploit gets released publicly, developing a jailbreak will definitely become easier.
If you are currently using iOS 11.2.6 (or below), sit tight as a jailbreak or nonce setter tool might not be as far away as it seems.