In today’s post I have great news for those who are on iOS 12.1 / iOS 12 or on iOS 11.4.x and waiting for a jailbreak. A few hours ago SSD (SecuriTeam Secure Disclosure) published a writeup of an iOS/macOS Safari sandbox escape via a QuartzCore heap overflow. Link to this exploit
This matters because it is, in effect, a full sandbox escape: it lets you read and write files outside of your sandbox, which is a powerful step towards an iOS jailbreak. SSD has disclosed details of the bug and published the exploit along with its source code, which at this stage is a proof of concept.
Source Code iOS Jailbreak Exploit
Its importance comes from the fact that it can be chained with something Pangu has. A few hours ago Siguza replied to a post by Tielei, a member of the Pangu team, who had posted a link to his Power of Community 2018 conference slides about IOService / IOUserClient vulnerabilities.
IOUserclient could be derived from IOUserclient. My POC slides available at https://t.co/9hovYpcGdk
— Tielei (@WangTielei) November 23, 2018
On Twitter they discussed this IOUserClient vulnerability, and Siguza replied as follows:
Meaning that the new vulnerability Pangu has is usable on the new iPhone Xs, iPhone Xs Max and iPhone XR, which are currently the only devices with PAC (Pointer Authentication Code), because the A12 chip implements ARMv8.3.
A member of PurpleTeam then asked:
Is it possible to write an exploit based on this vulnerability?
The answer was:
Sure, but you need a specific entitlement (so basically a powerful sandbox escape).
The PurpleTeam member then replied:
Is this sandbox escape (posted by SSD) powerful enough to launch Pangu’s IOHID exploit?
Siguza’s answer was yes.
This can indeed be a very good step towards an iOS 12.1 / iOS 12.0.1 / iOS 12 jailbreak, and compatibility with iOS 11.4.1 and iOS 11.4 is possible as well.
The bad news is that if you are on iOS 12.1 you can no longer downgrade. I recommend staying on iOS 11.4 or iOS 11.4.1 if you are already there. If you have already updated, don’t worry: as shown above, exploits such as SSD’s are available, and they can be chained together to get something useful.
As for Pangu’s side, Tielei released a PoC (proof of concept) along with his Power of Community talk. So we essentially have the pieces of an exploit, but it is not usable at this stage; a developer with exploit-writing experience still needs to turn it into a working exploit.
Still, this is very good news, because the powerful sandbox escape from SSD is also usable by apps like Houdini and Torngat. More fine-tuning of this exploit may be needed before it is fully usable for a jailbreak, but it is a step in the right direction.