It has been a while since we wrote anything about a jailbreak, mainly because there has been nothing worth covering. In the past 24 hours, however, Ian Beer of Google’s Project Zero joined Twitter and tweeted: “If you’re interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon.”
A member of the Pangu team also tweeted: “iOS 11.2 fixed a port UAF in the IOSurface kernel extension. More details in our blog (in Chinese).”
“Apple released iOS version 11.2 the day before yesterday (details of the security update have not yet been announced), and tests revealed that this update fixed a kernel vulnerability that could be exploited directly from within a sandbox. The team discovered the vulnerability last year and has been using it to jailbreak the phone in an internal research environment. The vulnerability exists in the call method of the IOSurfaceRootUserClient class, which can cause a port UAF.”
The team then goes into depth on this vulnerability, which could potentially be used in a jailbreak. Luca Todesco also tweeted: “Contrary to popular belief, the yalu102 KPP bypass is not dead after 10.3. One of the strategies used doesn’t work anymore, but that’s not strictly necessary. Apple can’t fix the core issue AFAIK. The fact is that it’s a design flaw in how watchtower works, and there is no easy way to change the design into something viable without extra hardware changes.”
All these events in one day are a sign that there is still hope someone will take this information and create a jailbreak. However, since iOS 11.2 patches these vulnerabilities, users hoping for a jailbreak would need to stay on iOS 11.1.2. We may not see a jailbreak anytime soon, so you will have to weigh up which version you want to stay on.
For those interested in which firmware Apple is still signing and which firmware can be jailbroken, click here.