Ian Beer just released a new kernel exploit for iOS 11.3.1 firmware. Here’s why this exploit will prove useful for jailbreak users.
Ian Beer makes MPTCP exploit public
Ian Beer exploited kernel memory corruption in two areas, namely MPTCP and VFS. The exploit for the MPTCP bug is already public, whereas the VFS exploit will be released next week.
This is the first time in ages that a hacker has released an exploit while the target firmware is still signed.
iOS 11.4 patched kernel memory corruption bugs I reported in two distinct areas: mptcp and vfs. My exploit for the mptcp bug is here: https://t.co/Vj4AX1rNd5 Please read the README. It requires an Apple developer cert.
— Ian Beer (@i41nbeer) June 5, 2018
Ian also reported these vulnerabilities to Apple a few weeks back. Apple’s security team patched these bugs in iOS 11.4 firmware.
The MPTCP bug is the same bug that John Akerblom’s multipath_kfree exploit uses.
According to the veteran hacker, the VFS bug requires a paid developer certificate, whereas the MPTCP bug doesn’t require special entitlements.
Moreover, the VFS bug is “considerably” harder to exploit than the MPTCP bug.
When will iOS 11.3.1 jailbreak be released?
There’s no word yet from Coolstar and Electra Team on when jailbreak development will kick off.
Other prominent developers involved in the project, too, have yet to confirm anything.
Coolstar will need to utilize the VFS bug because it doesn’t rely on a paid developer certificate. Since this exploit will go public only in a couple of days, you can expect a delay in a jailbreak port.
As far as the MPTCP bug goes, jailbreak developers will try to steer clear of it because of the certificate restriction.
Although Ian suggests running the exploit on a secondary device, you will be better off keeping your primary device on a vulnerable version.
Therefore, I highly recommend updating your Apple device to iOS 11.3.1 if you want to ensure compatibility with the upcoming jailbreak.
Apple will pull the plug on iOS 11.3.1’s signing window any time now, so make it quick.
“This is the first time in ages that a hacker has released an exploit while the target firmware is still signed.”
Not at all… iOS 11.1.2 tfp0 was also released by Ian Beer before 11.1.2 was unsigned.
In the beginning you write:
“the VFS bug requires a paid developer certificate whereas MPTCP bug doesn’t require special entitlements.”
Below that you write the opposite.
Thanks for the tip. I have updated it.
“According to the veteran hacker, the VFS bug requires a paid developer certificate whereas MPTCP bug doesn’t require special entitlements.”
“Coolstar will need to utilize the VFS bug because it doesn’t rely on a paid developer certificate.”
Does the VFS bug need a paid developer certificate or not?
Yes, it does require a developer certificate.
There is a mistake in your article. “According to the veteran hacker, the VFS bug requires a paid developer certificate whereas MPTCP bug doesn’t require special entitlements.” It’s the opposite?
The VFS bug requires a developer certificate; the MPTCP bug doesn’t.
Hello, help please. I am on 11.2 (iPhone 7). Do I have to go up to 11.3.1? Hmm … is 11.2 better?
Yes, it is better.
Nope. The VFS bug doesn’t require a paid dev cert. The MPTCP bug requires one.
Thanks. I have updated it.