Min Zheng has just made a startling revelation on Twitter. The hacker claims that an old kernel vulnerability is still alive on iOS 11.3 firmware.
Old kernel bug survives iOS 11.3
Min Zheng, aka Spark, a member of the Alibaba security team, has reported a kernel vulnerability that still affects iOS 11.3.
Surprisingly, the kernel bug in question is rather old and appears to have survived Apple's latest round of fixes, in which 45 bugs were patched.
This implies that iOS 11.2.6 and earlier versions are vulnerable to this bug as well.
Here’s what Zheng posted on his Twitter handle.
kernel bug survived, too~~~😀😀😀 pic.twitter.com/Tt3x6JIgxD
— Min(Spark) Zheng (@SparkZheng) April 6, 2018
There’s no write-up pertaining to this bug available publicly right now. Apparently, this bug allows the attacker to execute unsigned code with kernel privileges.
What does this mean for you?
This only means one thing – Apple's latest mobile operating system still has a wide enough attack surface.
While there's no guarantee that this bug will go public, there's a slight chance that Zheng might release it in the future. As of now, only two known bugs, this one included, are compatible with the latest stable build of iOS.
No matter what happens, you should keep your device ready for a future jailbreak or semi-jailbreak release.
I highly recommend saving SHSH blobs for iOS 11.3 firmware if you haven't already. This ensures your device stays eligible to move to iOS 11.3 should a jailbreak drop somewhere down the line.
Which iOS version is your Apple device running right now? Leave your comments below.
For more iOS exploitation news and updates, follow us on Facebook and Twitter.
This is why I’m on 11.2:
As 11.2 came out
I watched a video about
Why to downgrade your phone
As a new exploit just had come out
I raced over to my computer
Plugged in my phone, and then
I downloaded the IPSW
And the downgrading process
began
I watched as the progress grew
And at last the downgrade was done
I was on 11.1.2
And it was time to have some fun
I went on over to GitHub
Downloaded FilzaJailed
I messed with my private/etc/fstab file
Restarted my phone and wailed
My phone just wouldn’t boot up!
Oh how could this happen to me!
And I had to restore my iPhone
Fortunately not to 11.3
The latest version was 11.2.1
But I wanted the earliest one
I downloaded 11.2
And the restore process begun
I once was on 11.1.2
And as sure as heck I miss ’em
A lesson to never forget:
Don’t mess with your root file system
Now I finally have hope again!
Thanks for such valuable updates, Luca (et al.!)!
I have a jailbroken 7+ running iOS 10.1.1 (extra-recipe). It is reasonably stable, and can often go weeks without a crash. (Sometimes only a day or two.)
I have all the SHSH blobs (“file is valid!”) up to and including 11.3.
Without a stable version of Cydia available, and few tweaks for iOS 11, is it worth the risk to jailbreak to 11.1.2 (especially with your latest post: “KASLR bypass achieved on iOS 11.2.6”)?
Blessings, and thank you!!
You can keep running iOS 10.1.1 since iOS 11.1.2 updates have been closed as iOS 11.2.6 is no longer being signed. I will explain why you can’t update in a separate article.
Actually, a lot of tweaks are compatible with Electra jailbreak by Coolstar.
Regards.
Thank
Currently on 11.2.2, should I stay there? Would any jailbreak that could potentially drop for 11.3 work on all lower firmware?
Yes, you should stay on iOS 11.2.2 for sure. iOS 11.3 currently has no exploits, just bugs that are private.