Zimperium zLabs Team To Release iOS 11.2.2 Vulnerabilities, Potentially Leading To Jailbreak
Rani Idan, who is a member of Zimperium zLabs Team, has announced that his team will be releasing multiple vulnerabilities found in Apple’s “bluetoothd” daemon affecting iOS 11.2.2 and below firmwares.
The announcements comes in the form of a post on the official Zimperium blog where the said vulnerabilities are detailed.
Since these vulnerabilities have been patched by Apple in last week’s iOS 11.2.5 release, and have been acknowledged by the company in the iOS 11.2.5 final release notes with due credits given to Rani Idan of Zimperium zLabs Team for the discovery, they will now be made public for research and other purposes.
The first vulnerability is memory corruption in bluetoothd and the other is execution of arbitrary code on different crucial daemons. The first vulnerability (CVE-2018-4095) is full relative (ASLR bypass) control on the stack in CoreBluetooth that leads to memory corruption over bluetoothd.
The second major vulnerability (CVE-2018-4087) leads to execution of arbitrary code on different crucial daemons in iOS by hijacking the session between each daemon and bluetoothd. Some of the impacted daemons are: SpringBoard, mDNSResponder, aggregated, wifid, Preferences, CommCenter, iaptransportd, findmydeviced, routined, UserEventAgent, carkitd, mediaserverd, bluetoothd, coreduetd and so on.
What this could all mean is that just like how we saw with Google’s Project Zero member Ian Beer’s iOS 11.0-11.1.2 exploit turned into a jailbreak for public, we could also see a similar thing happened for devices running iOS 11.2-11.2.2. Now of course this would need work before it could be turned into a workable jailbreak solution, but given how the community is active these days with jailbreak tools for iOS 11.1.2 arriving left and right, it wouldn’t surprise me one bit if we saw a similar thing happened for iOS 11.2.2 and below once the aforementioned vulnerabilities are made public.
Since iOS 11.2.2 is still being signed, my advise would be to downgrade to it while you can from iOS 11.2.5 for a potential future jailbreak. Always better to be safe then sorry, especially for those who missed the boat on iOS 11.1.2 jailbreak.