Arbitrary kernel read/write access has just been achieved on iOS 11.3 firmware. Here’s what this means for the jailbreak community.
Min Zheng gains kernel read/write access on iOS 11.3
Alibaba hacker Min Zheng has been single-handedly pwning Apple’s latest firmware versions lately.
Today, the Chinese hacker successfully hacked into the most secure component of iOS, that is, the kernel. A kernel exploit is the most important part of the jailbreak puzzle.
Here’s what he posted on his Twitter handle.
Well, break KASLR and gain arbitrary kernel R/W on iOS 11.3: pic.twitter.com/bTpDclgE49
— Min(Spark) Zheng (@SparkZheng) April 11, 2018
The image above depicts the KASLR protection being defeated and read and write commands executed in the kernel.
Previously, Min successfully discovered an old kernel bug in iOS 11.3. He apparently utilized the same bug to gain arbitrary read/write access this time around.
What does this mean for the jailbreak community?
In a first, Min Zheng confirms that his team will disclose the aforementioned vulnerability to Apple.
Make no mistake, Zheng still hasn’t clarified whether or not the vulnerability will ever go public.
According to him, his team submitted iOS 11.3 kernel exploitation techniques at a conference.
If the said conference approves their submission, which it likely will, the Alibaba Security Team will report it to Apple.
For those who don’t know, Apple allows participants of its Bug Bounty program to publicly release their vulnerabilities.
But here’s the catch – you can only do so when Apple releases a patch and stops signing the affected firmware version.
I recommend staying on iOS 11.3 if you are already on that version. As far as iOS 11.2.6 is concerned, try to stick to it until a promising exploit drops by.
If you are unsure as to which version is right for you, just leave a comment below. I will be happy to help you out.
For more jailbreak scene news, follow us on Facebook and Twitter.