Google Project Zero ‘tfp0’ exploit whets appetite for iOS 11 jailbreak

Google’s Project Zero iOS bug hunter Ian Beer has posted details of an iOS 11 exploit that could offer a jailbreak for iOS 11.1.2.

Beer teased last week that he had achieved ‘tfp0’, shorthand for obtaining the kernel task port on iOS, and has now followed up with an exploit that uses two recently patched flaws and may offer the rare prospect of an iOS jailbreak.

What he released is not a full jailbreak, but it is enough to let security researchers bypass the software restrictions Apple imposes and test a new version of iOS. It could also help others build a jailbreak for iOS 11.1.2 or earlier.

Beer released details of the ‘async_wake’ exploit and a proof-of-concept local kernel debugging tool for iOS 11.1.2 on Monday. Apple released iOS 11.2 on December 2, so the tools won’t work on updated iPhones.

As detailed in the Project Zero bug repository, the bug Beer found is a memory flaw in IOSurface, a kernel extension.


Jailbreaking researchers Team Pangu claim they discovered the same flaw last year and have been using it to jailbreak iPhones during internal research.

Beer posted his exploit after Team Pangu revealed a proof-of-concept exploit for one of the IOSurface vulnerabilities he reported to Apple.

Pangu team researcher Wang Tielei described iOS 11.2 as a “big loss” because it closed a kernel vulnerability that could be exploited from within the iOS application sandbox.

Beer’s exploit combines the IOSurface bug, another kernel bug fixed in iOS 11.2, and specially crafted kernel messages to obtain the prized tfp0 on Apple devices.

Beer has confirmed that his technique works on the iPhone 7, iPhone 6s, and iPod Touch 6G when they are running iOS 11.1.2. He notes that it should be easy to port to other models. He also tested it on a MacBookAir5,2 running macOS 10.13.
