Could We Be Close To An iOS 11.4 Jailbreak?: Brandon Azad To Release Exploit Fixed In iOS 11.4.1
Brandon Azad will be sharing a presentation at this year’s beVX Conference this coming September in Hong Kong which will definitely raise hopes of a potential iOS 11.4 jailbreak. Titled “Crashing to root: How to escape the iOS sandbox using abort(),” the talk will definitely appeal to those in the security research and jailbreak communities.
For those that may not know or who aren’t particularly au fait with the global security conference scene, beVX is an annual conference described as an “all offensive security conference” and focuses on “highly technical offensive security topics such as vulnerability discovery, advanced exploitation techniques, and reverse engineering.”
Given the title of this talk and the fact that it contains information on how to reverse engineer system services, bypass protection mechanisms, and then exploit them on Apple’s iOS platform, the beVX experience in Hong Kong this coming September seems like the perfect place for the presentation.
And, of course, if you look beyond the talk and its clear security appeal, you also start to wonder what it could mean for the jailbreak community. Azad has highlighted that the talk will focus on exploiting a libxpc bug, tracked as CVE-2018-4280 and credited to him in Apple’s security content for iOS 11.4.1, the release that patched it. The demonstration looks as though it’s going to target iOS 11.2.6 but could also apply as far up the chain as iOS 11.4, and given that it offers privilege escalation, it’s reasonable to assume that it could potentially be used for a jailbreak supporting devices running iOS 11.4.
This talk will be presented in September in Hong Kong, so we won’t actually know any more about it until then. It does mean, however, that the jailbreak community could be on tenterhooks until then, waiting to see whether anything tangible comes of it from a jailbreak perspective. Regardless of the outcome, it’s still wonderful to see experts and researchers like Azad performing this kind of work and bringing it into the public domain via these professionally organized and well-attended conferences. As soon as we know more, we will be sure to let you know.
I’ll be presenting “Crashing to root: How to escape the iOS sandbox using abort()” at @bevxcon this September. I’ll show how to exploit CVE-2018-4280, fixed in iOS 11.4.1, by crashing maliciously in order to elevate privileges, defeat codesigning, and spawn a shell on iOS 11.2.6. pic.twitter.com/tRxLqD55fY