iOS 11.4.1 Jailbreak: Brandon Azad To Present Exploit Fixed In iOS 11.4.1 This September
The jailbreak community is actively looking forward to iOS 11.4.1 jailbreak updates. This time around, it is about exploiting the CVE-2018-4280 which is fixed in iOS 11.4.1.
Brandon Azad, a graduate from Standford who studied Computer Science with a focus in Systems and Security, posted an announcement last July 30, 2018 on his Twitter account saying that he will be presenting a topic on “Crashing to root: How to escape the iOS sandbox using abort()” at the beVX Conference. According to him, he will be showing how to exploit the CVE-2018-4280 (fixed in iOS 11.4.1) by crashing it maliciously in order to elevate privileges, defeat codesigning, and spawn a shell on the iOS 11.2.6. 4 jailbreak.
I'll be presenting "Crashing to root: How to escape the iOS sandbox using abort()" at @bevxcon this September. I'll show how to exploit CVE-2018-4280, fixed in iOS 11.4.1, by crashing maliciously in order to elevate privileges, defeat codesigning, and spawn a shell on iOS 11.2.6. pic.twitter.com/tRxLqD55fY
— Brandon Azad (@_bazad) July 30, 2018
Speaking of the beVX Conference, this event is expected to take place on September 20-21, 2018 at the Marco Polo Hotel in Hong Kong. It is held annually and described as an “all offensive security conference”. In addition to this, the event heavily focuses on highly technical offensive topics such as advanced exploitation techniques, vulnerability discovery, and reverse engineering.
What Will Other Topics Be Presented There?
Aside from Azad, there will be other presenters (or guests) that will be invited to talk as well. Just to name a few:
- Niklas Baumstark is set to be on the “Thinking outside the (Virtual)Box”
- Julian Rauchberger and Tobias Dam scheduled to be on the “Breaking the Bluetooth stack: Where to look and what to expect”
- Sheng-Hao Ma on the “Playing Malware Injection with Exploit thoughts”.
- Luat Nguyen on the “Tail of pdfium use-after-free series”
- Vitaly Nikolenko on “Dissecting a 17-old Linux Kernel Bug”
Keep in mind that the event is set for September and we’ve only mentioned a few names. There’s still plenty of more time before the event so we can safely assume that in the coming weeks there will be more topics.
So, are you looking forward to the event? If yes, will you be attending Azad’s presentation about exploiting the CVE-2018-4280 which is fixed in iOS 11.4.1 that has raised hopes of a potential iOS 11.4 jailbreak? Tell us in the comment section below.