Brandon Azad To Release iOS 11.2.6 Userspace Exploit, Here’s What That Means For Jailbreak Community
You may remember that back in April it became public knowledge that Brandon Azad was working on what he called a “userspace [sic] security research platform” which would be applicable to iOS 11.2.6 or below.
Things have been relatively quiet since then but it now seems that Azad plans on sharing his work with the community, as well as the general public at large, after recently confirming that he has submitted a talk on the subject to a security conference.
Azad, like many other individuals involved in the security research aspect of software, has used his social media platform of choice to make the announcement. The announcement is a follow-on from the original post from two weeks ago, and confirms that he has put together a presentation on the topic of his iOS 11.2.6 user-space security research work and that he is waiting to see if it gets accepted. This will then inform the timescales of when his userspace exploit is thrust into the public domain:
This is a userspace-only exploit (no kernel vulnerabilities), but still gets you a shell. I’m submitting a talk about this work to a security conference. When the exploit becomes public will depend on when the issue gets fixed and whether the talk is accepted.
It’s always interesting to see any progression in the jailbreak community, whatever form that takes, but it’s worth noting that this work, or the research platform itself, is definitely not enough to give device owners a full jailbreak as is currently enjoyed with the Electra jailbreak for earlier versions of iOS 11.
At best, this work could potentially give us something along the lines of Houdini, which is classed as a “semi-jailbreak” and would allow basic code injection processes to take place but wouldn’t allow full root to the device or give the necessary escape privileges to put together a full and functional jailbreak for those later versions of iOS.
There is currently no word on which security conference that this talk has been submitted to or when it will take place. However. the sooner the presentation gets accepted and presented, the sooner we will have additional information about the exploit and the platform which has been put together by Azad, hopefully to the benefit of the community.