In spite of Apple’s repeated attempts to reduce the iOS attack surface, hackers continue to circumvent its defenses. Here’s a new vulnerability that Alibaba hacker Min Zheng discovered in iOS 11.3.
Alibaba hacker discovers a zero-day vulnerability
Alibaba security researcher Min Zheng has just discovered a new bug in iOS 11.3 firmware. The Chinese hacker was able to successfully trigger an exception error.
Zheng’s tweet indicates that this vulnerability existed before iOS 11.3. However, it somehow managed to slip past Apple’s radar and continues to plague its latest official firmware build.
Here’s what the hacker posted on his official Twitter handle.
Good~A zero-day bug survived in the iOS 11.3 update~~~😬😬😬 pic.twitter.com/K7LMVhxyPh
— Min(Spark) Zheng (@SparkZheng) April 4, 2018
The “Exception Type: EXC_BAD_ACCESS (SIGBUS)” message is usually associated with RAM failure.
In this case, however, it points at a bug in the software the hacker tried to attack.
Zheng is known for revealing little to no details about his bugs.
Hence, it is not yet known whether or not this bug can be weaponized to achieve a sandbox escape or a full-blown kernel exploit.
Can this bug lead to an iOS 11.3 jailbreak?
Unfortunately, Zheng has never released an iOS exploit or vulnerability to the public. Therefore, we shouldn’t expect a release this time as well.
But since it’s an old vulnerability, he might wait for Apple to patch it.
Once Apple releases a patch in an iOS 11.4 update, the bug will be sold off to the highest bidder for a bounty or made public for jailbreak developers, which seems highly unlikely.
This development comes at a time when Apple patched 45 vulnerabilities and exploit in iOS 11.3. However, the chances of achieving a full jailbreak with this bug alone are slim to none.
What do you think? Will this version ever get a jailbreak? Leave your comments below.
For more iOS security news and updates, follow us on Facebook and Twitter.