Richard Zhu escapes Safari sandbox and executes code on iOS 11.1

Mobile Pwn2Own is already underway and cool progress is being made on the jailbreak front by hackers. Here’s all you need to know about it.

Safari Sandbox Escaped successfully

Mobile Pwn2Own 2017 is on and Apple’s most secure operating system is again finding itself in the crosshairs of hackers.

Today, Richard Zhu aka fluorescence successfully escaped Safari’s sandbox. The Chinese hacker also managed to execute unsigned code from Safari.

This feat was achieved at Mobile Pwn2Own on an iPhone running the latest iOS 11.1 final firmware.

Richard also snagged up the prize money of $25,000, which is quite low for this kind of an exploit. If we consider offers from private players, it can easily fetch upwards of $100,000.

Pwn2Own 2017 results

Why is this important?

Hackers who participate in Mobile Pwn2Own will never make their exploits public due to an agreement between them and Zero Day Initiative. However, that doesn’t mean these exploits are totally useless. Here’s why this is important.

Firstly, a Sandbox escape is an important individual component of a full-fledged iOS jailbreak. Executing remote code through Safari can lead to a JailbreakMe-style jailbreak tool for iOS 11.

As always, this will be contingent to someone coming up with a way to jailbreak first.

hacker

Secondly, this gives the jailbreak community hope that loopholes continue to exist in Apple’s latest operating system.

What do you think – will we get an iOS 11 jailbreak soon? Let us know in the comments section below.

For more jailbreak news and updates, like and follow us on Twitter and Facebook.

Leave a Reply