MOSEC 2018: iOS 12 And iOS 11.4 Remote Jailbreak Demoed By 360 Vulcan Team
At this year’s Mobile Security Conference (MOSEC 2018), the 360 Vulcan team has flexed its muscles by showing off an iOS 11.4 and iOS 12 beta remote jailbreak which utilizes Safari and a kernel-level bug to inject its payload.
The jailbreak community is a hive of activity at the moment. Some of the activity is coming from the fact that we now know that we are about to receive an iOS 11.3.1 jailbreak, whether that be in the form of an updated Electra IPA or introduced as a JailbreakMe 5.0 experience, as recent chatter suggests.
However, the remainder of the activity comes from a number of individuals and teams who are actively working on discovering vulnerabilities in iOS, exploiting them, and then showcasing their work at security conferences in the form of a jailbreak demonstration.
The latter is exactly what we currently have with this latest 360 Vulcan team demonstration. The jailbreak has been demonstrated as part of the huge Mobile Security Conference – commonly referred to as MOSEC – in Shanghai, and showed how devices running Apple’s latest public release, iOS 11.4, as well as the company’s iOS 12 pre-release firmware, can be jailbroken using Safari and a kernel-level bug to get the required access to the device and to inject the payload.
This is what is affectionately known in the community as a “JailbreakMe” jailbreak, and was recently demonstrated as a viable solution by Niklas Baumstark using a combination of bugs by Ian Beer and Samuel Groß.
As with previous demonstrations that we’ve seen from this team – as well as other teams like it – it’s very unlikely that this will ever make it into a public-facing jailbreak and be offered to device owners to liberate their devices from Apple’s walled-garden. It is, however, an excellent technical achievement that will be applauded in the security research community and will likely include bugs in iOS 12 that have been, or will be, reported to Apple and closed before it makes it into the hands of the public.
So, with this jailbreak being for research only, all focus and attention are still on the Electra team as we wait for a public release date to be given for Electra1131.
It’s also perhaps important to note that this is not the first time an iOS 12 beta jailbreak or an iOS 11.4 jailbreak has been demoed in public, with Keen Lab being first to demo a jailbreak on iOS 12 only a few days ago, while Richard Zhu got the honors of jailbreaking iOS 11.4 first earlier this month.