iOS 12 Jailbreak Release: Google Project Zero's Jann Horn Publishes Privilege Escalation Bug Fixed In iOS 12.1.1
Great news for the jailbreak community. The Google Project Zero team has made another contribution to a potential iOS 12 jailbreak. This time around, it’s from Jann Horn who published a privilege escalation bug that was fixed in iOS 12.1.1.
The Privilege Escalation Bug
Last week, Apple publicly released iOS 12.1.1. According to a report, the minor update didn't introduce any major features, but it did add a few features and bug fixes:
- Notification preview using haptic touch on iPhone XR.
- Dual SIM with eSIM for additional carriers on iPhone XR, iPhone XS, and iPhone XS Max.
- One tap to flip between the rear and front-facing camera during a FaceTime call.
- Live Photo capture during one-to-one FaceTime calls.
- The option to hide the sidebar in News on iPad in landscape orientation.
Five days later, Google Project Zero's Jann Horn published a privilege escalation bug that was patched with the release of iOS 12.1.1. Horn published his notes online under the title "XNU: POSIX shared memory mappings have incorrect maximum protection."
Is An iOS 12 Public Jailbreak Release Inevitable?
It's important to note that it has only been a couple of months since Apple released iOS 12, yet it has already been exploited multiple times by prominent figures in the jailbreak community. This shows that iOS 12 isn't bulletproof, which means an iOS 12 jailbreak may be released in the public domain in the future.
Just to name a few of the exploits:
Last week, Google Project Zero's Ian Beer was credited by Apple in a document describing the security content of iOS 12.1.1. The kernel bug that Beer found was identified as CVE-2018-4461 and may be capable of executing arbitrary code with kernel privileges.
There was also Linus Henze's WebKit RegEx exploit. It's an exploit found within Safari and macOS that also affects iOS 12.1 and below.
Want a free Safari 0day? (Ok, it's actually a 1day because it's fixed in the latest WebKit version, but it still works in the latest version of Safari) Then go to https://t.co/CD9IwHUQP8
Please don't do evil stuff with this.
— Linus Henze (@LinusHenze) December 6, 2018
A few days later, Chinese security researcher Min(Spark) Zheng (@SparkZheng) shared his thoughts about Henze’s exploit, saying that it can be used in a remote jailbreak.
Last month, Anh Ki Chan (@Externalist) announced via Twitter that BigD (@begger_dd) submitted another WebKit RCE exploit. Apparently, it comes with a very detailed annotation and works up to iOS 12.0.1.
In the same month, Natalie Silvanovich of Google Project Zero discovered an exploitable bug in the iOS 12.1 firmware. The bug itself is a memory corruption in the VCPDecompressionDecodeFrame class, which lives within the FaceTime protocol in iOS and macOS.
When do you think an iOS 12 jailbreak will be released in the public domain? Tell us in the comment section below.