A few hours back, Ian Beer publicly released his iOS 11.4 exploits as promised. Here’s why these bugs are important and how they can help us achieve a jailbreak on iOS 11.4 and above.
Sandbox escape and kernel exploits for iOS 11.4-11.4.1
Project Zero security researcher Ian Beer has finally made public the kernel info leak and UaF bugs.
The ace hacker posted an in-depth write-up, Deja XNU, comparing the exploitation techniques used in 2014 by Team Pangu. He also delves into what the future of iOS security research will look like.
A blog post about turning back the clock to 2014, and thinking about what 2022 might be like: https://t.co/R1AsQsZpIL
— Ian Beer (@i41nbeer) October 18, 2018
Apart from the bugs mentioned above, Beer has also released multiple kernel and sandbox escape exploits.
Unfortunately, the sandbox escape only grants the attacker code execution privilege in the backboardd daemon, which runs as mobile, not root.
When will iOS 11.4.1 jailbreak be released?
Unfortunately, these bugs are not powerful enough for an iOS 11.4.1 jailbreak on their own. However, they could possibly become useful, when used in conjunction with other public exploits, in the future.
According to Jake James, we would first need to make Brandon’s exploit work on iOS 11.4 and then chain them together to gain root access on it. Simply utilizing Jonathan Levin’s QiLin jailbreak toolkit in the post-exploitation phase won’t cut it.
iOS 11.4.1, on the other hand, will require root to make Ian’s bugs work.
Further, Project Zero hackers usually wait for Apple to unsign the vulnerable operating system version before making bugs public. This severely affects the level of interest users give to that firmware.
Regardless, this is great news for users who held back from upgrading to iOS 12. Your decision to stick with iOS 11.4 or 11.4.1 might just pay off very soon!
Which firmware are you using right now? Post your version number below.