Google Project Zero releases iOS 11.2.6 WebKit bug

Google Project Zero has released yet another iOS 11 vulnerability to the public. Here’s how this bug works and what this means for the jailbreak community.

iOS 11.2.6 WebKit bug goes public

Google Project Zero recently published a WebKit bug in iOS 11.2.6.

For the uninitiated, Google Project Zero is a Google security team dedicated to finding vulnerabilities in widely used operating systems and software so that vendors can fix them before attackers abuse them.

This vulnerability (CVE-2018-4121) was discovered by Natalie Silvanovich. According to iOS 11.2.6’s security notes, this bug can lead to arbitrary code execution.

Hacker Siguza states it is a quasi-sandbox escape for the WebKit process, not a full sandbox escape.

Silvanovich also posted a detailed write-up along with a proof-of-concept. However, this bug still lacks a proper exploit.

Can this bug lead to a jailbreak?

On its own, this bug is not powerful enough for developers to build a jailbreak tool.

A sandbox escape is only one of the components of a full-blown jailbreak tool. Short of a full jailbreak, this bug could enable an iOS 11.2.6 semi-jailbreak, provided someone writes a working exploit for it.

Therefore, this bug could become useful in the future if a kernel exploit goes public.

A developer has also offered to port Houdini to iOS 11.2.6 if he gets hold of an exploit based on this bug.

But as of now, its usability remains limited, especially for the jailbreak community.

Here’s yet another vulnerability that was discovered in the same firmware version –

For more jailbreak scene news and updates, like us on Facebook and Twitter.
