Adam Donenfeld – who is part of the same Zimperium team which teased a number of bugs in iOS 11.2.2 – has once again thrown the cat amongst the pigeons in the jailbreak community by confirming that he is in possession of yet another kernel-level bug in iOS, this time affecting versions of Apple’s mobile platform below the current iOS 11.2.5 release.
Announced in a series of tweets, Donenfeld has confirmed that Apple has finally acknowledged his “kernel heap overflow” bug and fixed it as part of the iOS 11.2.5 release, outlined as reference CVE-2018-4109 in Apple’s security release notes.
The security researcher has also stated that he did not write an exploit for this bug himself, but that it is “accessible from the sandbox” and that existing frameworks, such as the one available from Jonathan Levin, could make use of it for a jailbreak of iOS versions below 11.2.5. He tweeted the following:
If it makes it better in any case, this is accessible from the sandbox (so theoretically if someone plans to write an exploit, @Morpheus______’s jailbreak framework can be used with that).
The existence of this bug means that we can potentially see a jailbreak in the future for iOS 11.2 through to iOS 11.2.2. Up until now, the latest jailbreakable version of iOS is iOS 11.1.2, using tools like Electra or LiberiOS.
It seems that this can only be good news for the jailbreak community, specifically those who have upgraded beyond iOS 11.1.2 but who haven’t quite made it to iOS 11.2.5 just yet. If someone does step up to the plate and take on the challenge, then we can hopefully expect to see a jailbreak tool being pushed out into the community for liberating devices on or below iOS 11.2.2.
As a final sidenote, it’s definitely worth mentioning that if this kernel heap overflow bug is turned into an exploit, and ultimately into a public jailbreak, by someone with the technical knowledge and capabilities, then it would only be useful to those iPhone and iPad owners who are currently sitting on a version of iOS less than iOS 11.2.5. This is because Donenfeld has already confirmed that this bug has been patched with the release of iOS 11.2.5, and with Apple no longer signing any firmware below the current public release, it means that device owners won’t be able to roll back to a compatible version containing the exploitable bug.
Source: redmondpie