Google’s Project Zero, a team focused on discovering vulnerabilities in other companies’ software, appears set to release an exploit for a vulnerability it recently found in iOS 11. While the vulnerability has been patched in iOS 11.2, the exploit may enable the first publicly available jailbreak for iOS 11.
As Motherboard points out, it may sound curious that Google, one of Apple’s biggest competitors, was researching iOS vulnerabilities. However, this is exactly what Project Zero is designed to do, and one of its security researchers, Ian Beer, is a renowned iOS bug hunter.
Beer was responsible for finding and reporting to Apple 5 of the 15 security issues fixed in the most recent iOS 11.2 update. In a tweet this week, Beer said that he will soon share more and advised those interested to keep a device on iOS 11.1.2 or earlier.
If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon.
— Ian Beer (@i41nbeer) December 5, 2017
Motherboard notes that “tfp0 stands for ‘task for pid 0,’ or the kernel task port, which gives you control of the core of the operating system.” It also predicts that Beer won’t share a “full, untethered jailbreak, meaning you will have to plug the phone into a computer to exploit it every time it boots up.”
However, those in the infosec space believe that whatever Beer releases will allow others to build a full jailbreak for iOS 11.
Marco Grassi, a researcher who’s done jailbreaks for Tencent’s Keen Lab, said that from Beer’s exploit it will “definitely be doable to make a complete jailbreak, especially for [iPhone] 6s and previous ones.”
While a jailbreak for iOS 11.1.1 was demonstrated last month, it hasn’t been made publicly available. As for Beer’s exploit, others, such as developer and author Jonathan Levin, have already prepared resources to help interested parties make use of the tfp0 release.
Coming soon: The #jailbreak toolkit – a dylib for those people who end up with a send right to the kernel_task port (a.k.a tfp0) in their process, but don't know what to do next.
— I don't talk about Darwin, no, no, no… (@Morpheus______) December 7, 2017
Another benefit of Beer making these findings public is that it should help security researchers find other bugs and exploits.
It has been a tough (and abnormal) stretch for Apple lately as far as security and bugs go. Ranging from the serious root vulnerability on Mac and this week’s zero-day HomeKit vulnerability to the less serious, but annoying, ‘i’ autocorrect bug, there have been quite a few issues in a short amount of time.
However, as Zac mentioned yesterday, all of these issues give Apple a chance to adjust and improve its procedures and protocols moving forward.