iOS 11.2-11.2.2 exploit by Zimperium zLabs [FAQ]

Zimperium zLabs hacking team is all set to release a somewhat powerful exploit for iOS 11.2-11.2.2. Here are all the frequently asked questions regarding this upcoming exploit.

Zimperium zLabs iOS 11 exploit [FAQ]

As you already know, Zimperium zLabs posted a write-up on an iOS 11 exploit a few days back.

The Israeli mobile security research team then promised to make this exploit public.


Although they are yet to make it open source, there’s already a lot of hype surrounding it. Naturally, jailbreakers are as curious as ever about it.

Q. How powerful is zLabs’ exploit?

A. zLabs’ exploit is quite powerful, all things considered, even if it is not as powerful as Ian Beer’s async_wake. It will give us the following privileges –

  • Sandbox escape
  • Arbitrary code execution
  • Root level access to /var/ folder

Q. Which iOS firmware versions are compatible?

A. Only the following versions are compatible –

  • 11.2
  • 11.2.1
  • 11.2.2

Q. Does it support iOS 11.2.5?

A. No, iOS 11.2.5 is not supported because Apple patched the bugs in that version.

The reason behind this is that zLabs reported the bugs to Apple and collected a bounty in accordance with its Bug Bounty program.

Q. Does this give hackers the ability to execute arbitrary code in the kernel?

A. The upcoming exploit by Zimperium zLabs will allow arbitrary code execution. However, this ability will remain limited primarily to daemons, not the kernel.

Q. Can it lead to a full-blown jailbreak with Cydia?

A. No, these exploits pertain to native iOS daemons and, hence, developers can’t use them on their own to build a jailbreak.

For a proper jailbreak tool, developers must have access to a kernel exploit.


This exploit is not powerful enough to give us read/write access to the root iPhone filesystem.

Therefore, a jailbreak tool like Electra or LiberiOS is pretty much out of the picture in this case.

Q. Can we get a semi-jailbreak like Houdini?

A. Yes, we can certainly get a semi-jailbreak like Houdini11.

Hackers can’t gain read/write access to the root filesystem, but the /var folder is still accessible, which makes a semi-jailbreak possible.

Developing Houdini for iOS 11.2 and above will be challenging because Abraham Masri is no longer active in the jailbreak community.


Apart from Houdini, the developer of the Torngat tweaking app has also stated that he will release an update for iOS 11.2 and above.

Q. Is any developer willing to work on this exploit?

A. A new developer will try to weaponize this exploit by packaging it in a sideload-able IPA file.

What remains to be seen is how useful that tool would be for the end user.

Q. When will zLabs release it?

A. Zimperium’s zLabs team is yet to give an ETA. In my estimation, the release should happen sometime after one or two weeks.

Zimperium is a professional security research company, and there’s no good reason to think they would back off now.
