A Phoenhex Dev Team member just made public a browser-based Safari exploit for iOS 11.3.1. Here’s how this can prove useful for the jailbreak community in the future.
Table of Contents
Remote code execution via Safari is now possible
Renowned hacker Niklaus Baumstark has just released a new exploit that gets kernel privileges on iOS 11.3.1. It currently contains the offsets for iPhone 8 on iOS 11.3.1 firmware.
This isn’t a new exploit per se; rather, it utilizes Ian Beer’s VFS bug and exploits it via the stock Safari browser using the CVE-2018-4233 WebKit bug.
For the uninitiated, Pheonhex Dev Team is a team comprising elite security researchers.
They have reported plenty of Safari bugs in the past and also participated in Pwn2Own 2018 hacking competition.
Here’s what the German hacker posted on his personal Twitter account.
Just exploited @i41nbeer's bug via Safari RCE. I guess it really is time now to get a second iPhone that I can actually upgrade and use without getting hacked. pic.twitter.com/bq2pIRMFCn
— Niklas B (@_niklasb) June 15, 2018
As Ian Beer’s exploit carries out the “actual” exploitation, its success rate remains unchanged.
According to Niklaus, the exploit works best when no apps are running in the background and device is kept idle before the user triggers it.
Compatibility
Here’s the complete list of all compatible operating system versions. If your device happens to run any of these versions, you are in luck.
- 11.2
- 11.2.1
- 11.2.2
- 11.2.5
- 11.2.6
- 11.3
- 11.3.1
Apple patched both the constituent bugs in iOS 11.4 update, so all versions newer than iOS 11.3.1 will be incompatible with this exploit.
Is a JailbreakMe-style jailbreak possible on iOS 11.3.1?
As of right now, the exploit is open source but its payload is closed-source due to security reasons.
Safari exploits make it easier for unethical hackers to spread malware via web browser.
This is the main reason why hackers want to keep Safari bugs under wraps until Apple patches them in an update.
With that being said, Niklaus is willing to provide the source to legitimate developers.
Therefore, Coolstar and the rest of the Electra Developer team may get their hands on this juicy exploit somewhere down the line.
Coolstar is already willing to work with Niklaus to distribute his project as JailbreakMe 5.0.
Once the jailbreak developers integrate it into the jailbreak, the prospects of a JailbreakMe-inspired tool for iOS 11.2-11.3.1 aren’t too far-fetched.
If you have the necessary expertise and want to play around with the exploit, click the link below and get hacking!
For more news about the current jailbreak scene, give us a thumbs up on Facebook and Twitter.
[Source – GitHub]
hello, it’s a great good news! but in my opinion it will take all his time especially with Electra, jailbreak with Electra in jailbreakME