Google’s Project Zero Team Publishes Pre-iOS 12.1.1 Privilege Escalation Bug That Could Lead To First Public iOS 12 Jailbreak
The Google Project Zero team has made yet another contribution to a potential iOS 12 jailbreak. Most people will be familiar with the work of Ian Beer – who also plies his trade at Project Zero – but this time around it’s Jann Horn who has published a privilege escalation bug which has been patched with the release of iOS 12.1.1.
For companies like Project Zero, the tack appears to be to wait until Apple acknowledges and fixes a bug before taking the opportunity to publish all related information and material on the topic.
With Apple pushing out the iOS 12.1.1 beta last week, Horn and Project Zero have taken the opportunity to push the information into the public domain. This has included publishing his notes online under the title “XNU: POSIX shared memory mappings have incorrect maximum protection.” You can check it out right here.
Apple has fixed this bug in the latest release of iOS 12, but we don’t currently know a great deal about the vulnerability other than that it applies to pre-iOS 12.1.1 versions and that Apple resolved the problem by addressing a memory corruption issue and implementing the necessary improvements to ensure that the bug hasn’t slipped through into the iOS 12.1.1 source.
Apple may have done the necessary work on its side to ensure that users aren’t plagued by this issue going forward, but that doesn’t answer all of the questions that the jailbreak community will have.
iOS 12 has only been with us for a relatively short period of time, but it has already been exploited multiple times in various fashions, with companies like Tencent Keen Labs also proving in public demonstrations that the platform can be jailbroken. However, those companies don’t explicitly work toward putting together a jailbreak for public release, so it will take someone with the necessary skills and the right intent to take at least one of these bugs and turn it into something usable and releasable. It remains to be seen whether or not that will happen.
However, for now, the good news is that it is very evident that iOS 12 is not bulletproof and it definitely can be exploited to the benefit of the jailbreak community.