Google Project Zero’s Ian Beer, whose exploit for iOS 11.0-11.1.2 gave us the first public jailbreak on iOS 11, is back again.
Beer reported the bug to Apple, which fixed it in iOS 11.3.1, and he has now released proof-of-concept (POC) details for it to the public.
While iOS 11.3.1 includes a fix, anyone running an older version of the iPhone or iPad software will still potentially be vulnerable (the report covers macOS as well, with the 10.13.3 build referenced below). The flaw was originally discovered back in February and, according to Beer, it is a “MacOS/iOS ReportCrash mach port replacement due to failure to respect MIG ownership rules”, which may not mean much to most people. Beer’s description of the proof of concept is not a great deal easier to follow for those of you not quite in his league, but for those interested, here’s what he had to say about it:
ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes.
Most processes can talk to ReportCrash via their exception ports (either task or host level).
You would normally never send a message yourself to ReportCrash but the kernel would do it on your behalf when you crash. However using the task_get_exception_ports or host_get_exception_ports MIG kernel methods you can get a send right to ReportCrash.
ReportCrash implements a mach_exc subsystem (2405) server and expects to receive mach_exception_raise_state_identity messages. The handler for these messages is at +0x2b11 in 10.13.3.
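The “MIG ownership rules” in the bug title refer to a convention of MIG-generated servers: when a handler returns an error, the generic server loop (mach_msg_server) destroys the request message and drops the port rights it carried, so a handler that has already deallocated those rights and then returns an error releases them twice. Over-releasing a name the process still relies on frees it, and the next right to arrive (one the sender chooses) can be handed that same name, which is what “mach port replacement” means. The following is an added example, not code from the page or from Beer’s report, and it does not reproduce his ReportCrash findings: it is a constructed, portable model of a port namespace (names such as port_space_t, ps_insert, serve_one and the two handlers are assumptions for the model, not Mach or MIG APIs) showing the correct and the incorrect handler behaviour side by side.

```c
/* Added example: a constructed model of Mach port-name reference counting
 * and the MIG server-loop ownership convention. None of these names are
 * real Mach/MIG APIs; they exist only to make the rule observable. */
#include <stdio.h>
#include <string.h>

#define KERN_SUCCESS 0
#define KERN_FAILURE 5
#define NAMES 8               /* tiny port namespace, plenty for the demo */

/* One port name: the object it refers to (0 == free) and how many
 * send-right references the task holds under that name. */
typedef struct { int object; int refs; } port_entry_t;
typedef struct { port_entry_t name[NAMES]; } port_space_t;

/* Inserting a send right for `object` into the space: an existing name for
 * the same object just gains a reference; otherwise the lowest free name is
 * taken. Name reuse is exactly what makes an over-release exploitable. */
static int ps_insert(port_space_t *ps, int object) {
    for (int n = 1; n < NAMES; n++)
        if (ps->name[n].object == object) { ps->name[n].refs++; return n; }
    for (int n = 1; n < NAMES; n++)
        if (ps->name[n].object == 0) {
            ps->name[n].object = object; ps->name[n].refs = 1; return n;
        }
    return 0;
}

/* mach_port_deallocate-like: drop one reference, free the name at zero. */
static void ps_deallocate(port_space_t *ps, int n) {
    if (n <= 0 || n >= NAMES || ps->name[n].object == 0) return;
    if (--ps->name[n].refs == 0) ps->name[n].object = 0;
}

/* A request that carried one port right (for instance the task port in a
 * mach_exception_raise_state_identity message). */
typedef struct { int port; } request_t;
typedef int (*handler_t)(port_space_t *, request_t *);

/* Wrong: releases the right it was handed and *also* reports failure. */
static int handler_bad(port_space_t *ps, request_t *req) {
    ps_deallocate(ps, req->port);
    return KERN_FAILURE;
}

/* Right: on failure leave the rights alone; the server loop cleans up.
 * (Had it returned KERN_SUCCESS, it would own the right and must
 * deallocate it itself when done.) */
static int handler_good(port_space_t *ps, request_t *req) {
    (void)ps; (void)req;
    return KERN_FAILURE;
}

/* The convention modelled here: a routine that returns an error does not
 * own the request's rights, so the generic server loop destroys the request
 * and drops them (mach_msg_server does this via mach_msg_destroy). A routine
 * that returns KERN_SUCCESS is assumed to have taken ownership. */
static int serve_one(port_space_t *ps, request_t *req, handler_t h) {
    int ret = h(ps, req);
    if (ret != KERN_SUCCESS) ps_deallocate(ps, req->port);
    return ret;
}

/* Returns 1 if, after the exchange, the server's cached name no longer
 * refers to the object it cached, i.e. the port was replaced. */
static int port_replaced(handler_t h) {
    port_space_t ps; memset(&ps, 0, sizeof ps);
    const int trusted = 1, attacker = 2;   /* constructed object ids */

    /* The server already holds a right to a trusted port and remembers
     * its name for later use. */
    int cached = ps_insert(&ps, trusted);          /* name 1, refs 1 */

    /* Request 1 carries a right to that same object: same name, refs 2.
     * With handler_bad the two deallocations take refs to 0 and free it. */
    request_t req1 = { ps_insert(&ps, trusted) };
    serve_one(&ps, &req1, h);

    /* Request 2 carries a fresh, sender-chosen port. If name 1 was freed,
     * it is the lowest free name and is handed out again. */
    (void)ps_insert(&ps, attacker);

    return ps.name[cached].object != trusted;
}

int main(void) {
    printf("bad handler:  port replaced = %d\n", port_replaced(handler_bad));
    printf("good handler: port replaced = %d\n", port_replaced(handler_good));
    return 0;
}
```

The check a reviewer of any MIG server routine should make is therefore simple: on every error path, the routine must not have consumed any port right or out-of-line memory from the request, and on every success path it must consume all of them; doing both on the same path is the pattern the title describes.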
Of course, there is a lot more technical coverage on the Project Zero entry in the Chromium bug tracker, and Beer does say the issue represents a “plausible exploitation scenario.”
With the bug now fixed in iOS 11.3.1 and POC details public, we expect to see a developer from the jailbreak community make use of it for those on iOS 11.3 and below. A proof of concept is not a jailbreak in itself, and it is still too early to say with any certainty, but this could be turned into something like Electra, which as mentioned earlier is also based on Beer’s previous work on iOS 11.0-11.1.2.