Zimperium Finally Makes Promised iOS 11.2.2 Vulnerabilities Public
You may remember back toward the end of January when we let you know that Rani Idan of Zimperium zLabs announced that he had discovered multiple vulnerabilities in Apple’s “bluetoothd” daemon. Those vulnerabilities were known to affect iOS 11.2.2 and below.
Now, since Apple responded to the vulnerability and issued fixes with iOS 11.2.5 and over, Idan has published an additional blog post outlining his vulnerability PoC used to exploit those discovered issues and make them public knowledge.
You can almost feel the ears of jailbreak lovers around the world stand to attention as they begin to wonder if an iOS 11.2.2 jailbreak will be possible through the use of these new vulnerabilities. Idan has published the blog post on the official Zimperium website titled “CVE-2018-4087 PoC: Escaping the sandbox by misleading bluetoothd”, with the first part of that title referencing the bug code as outlined by Apple in its security release notes when the issues were fixed with a firmware upgrade.
He then goes on to inform that “The PoC is released for educational purposes and evaluation by IT Administrators and Pentesters alike, and should not be used in any unintended way.”
Both of the discovered vulnerabilities were addressed by Apple with the release of iOS 11.2.5, tvOS 11.2.5, and watchOS 4.2.2, meaning the latest firmware versions are no longer affected by them. However, it does still mean that anyone on iOS 11.2.2 could welcome a jailbreak in the future if someone with the requisite skills can take this information and turn it into something tangible that could be used by the jailbreak community.
Of course, a similar process was followed when Ian Beer of Project Zero discovered and revealed the aysnc_wake exploit to Apple, which, as we all know, resulted in the production of multiple jailbreaks, including the now-popular Electra jailbreak.
There’s absolutely no guarantee that these vulnerabilities can be exploited to produce a jailbreak for iOS 11.2.2 but it’s worth clinging onto some hope. No matter how small it is, Idan of Zimperium zLabs has done all that he can by discovering the issues, writing about them in detail, and even publishing a proof-of-concept. It’s now up to someone from the world of jailbreak to step forth and take on the challenge.
You can check out the complete blog post on the vulnerabilities here. Again, these vulnerabilities are patched in both iOS 11.2.5 and the latest public firmware iOS 11.2.6. If you are below those two firmware versions but over 11.1.2, you may wanna hold on to it for a while just to see if anybody comes up with something. We will of course keep you updated on it. Stay tuned for more.
Source: redmond pie
- iOS 11.2.2 Jailbreak With Electra Might Be Possible, Here’s What You Need To Know UnjailMe Demos Sandbox Escape For iOS 11.2 By Zimperium On iOS 11.2.6 Zimperium zLabs Team To Release iOS 11.2.2 Vulnerabilities, Potentially Leading To Jailbreak iOS 11.2.2 Jailbreak Update: Kernel Exploit Could Lead to an Untethered Jailbreak Apple Has Stopped Signing All Public Firmwares Except iOS 11.2.5 Apple Releases iOS 11.2.2 Security Update with Spectre Mitigations for Safari iOS 11.2.2 Signing Window Glitch Allows You to Downgrade from iOS 11.2.5 for Potential Jailbreak iOS 11.2.2 Jailbreak Could Be Possible With A New Vulnerability Discovered By Adam Donenfeld