Google’s Project Zero iOS bug hunter Ian Beer has posted details of an iOS 11 exploit that could offer a jailbreak for iOS 11.1.2.
Beer last week teased that he had a feat Called ‘tfp0’, which is short for the kernel task port on iOS, and is now followed by an exploit using two recently patched flaws that may offer the rare prospect of a possible iOS jailbreak.
It seems that what he released is not a full jailbreak but enough to allow security researchers to bypass software restrictions imposed by Apple and test a new version of iOS. It can also help create a jailbreak for those who want to test iOS 11.1.2 or earlier.
Beer released details of a ‘Async_wake’ exploit and Proof of Concept Local Kernel Debugging Tool for iOS 11.1.2 Monday. Apple released iOS 11.2 on December 2, so the tools won’t work on updated iPhones.
As detailed in Project Zero bug repository, Beer’s problem is related to a memory flaw in IOSurface, a kernel extension.
Jailbreaking researchers Team Pangu claim they discovered the same flaw last year and are using it to jailbreak an iPhone during internal searches.
Beer posted his feat after Team Pangu revealed a proof of concept feat for one of the iOSurface vulnerabilities he reported to Apple.
Researcher of the Pangu team Wang Tielei described iOS 11.2 as a “big loss” because it blocked a kernel vulnerability that could be exploited from an iOS application sandbox.
Beer’s exploit uses a combination of the IOSurface bug, another kernel bug fixed in iOS 11.2, and specially crafted kernel messages to get the prized tfp0 on Apple devices.
Beer has confirmed that his technique works on the iPhone 7, iPhone 6s, and iPod Touch 6G if they are running iOS 11.1.2. He notes that it should be easy to wear on other models. He also tested it on a MacBookAir 5.2 running MacOS 10.13.
Previous and related coverage
iOS 11.2 released for iPhone, iPad and iPod touch
Lots of bugfixes and tweaks, and some new features.
Apple Pay Cash, automatic correction bug fixed in iOS 11.2 beta
Available through the company’s beta program, Apple Pay Cash is finally here.
Learn more about iOS 11 security