Ian Beer Releases iOS 12-12.1.2 Kernel Exploit, Could Be Used In Next Jailbreak

If there is an iOS 12 jailbreak afoot, then the chances are that it’s going to support iOS 12.0 through iOS 12.1.2. Following on from further details of Brandon Azad’s “voucher_swap” exploit, his colleague and security research legend Ian Beer has tipped his hat once again with information pertaining to yet another kernel exploit.

This latest information, published by Ian Beer of Google’s Project Zero team, applies to versions up to iOS 12.1.2 and macOS 10.14.2 and concerns a kernel heap overflow bug in “PF_KEY due to lack of bounds checking when retrieving statistics.”
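The bug class Beer’s write-up names, a heap overflow caused by copying statistics without checking that they fit the destination, is easy to see in miniature. The C below is an added, constructed illustration for this article and is not XNU’s PF_KEY code: the record layout, the function names `copy_stats_unchecked` and `copy_stats_checked`, and the error codes are all hypothetical. It places the unchecked pattern beside a hardened form that rejects both a wrapping length computation and a copy that exceeds the caller’s stated capacity.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-association statistics record, constructed for this
 * example; it is not the layout used by XNU's PF_KEY code. */
struct stat_entry {
    uint32_t id;
    uint64_t packets;
    uint64_t bytes;
};

/* Return codes for the checked variant (hypothetical names). */
enum { STATS_OK = 0, STATS_ETOOBIG = -1, STATS_EINVAL = -2 };

/* The pattern the write-up describes: the destination was allocated from one
 * size, but the copy length is driven by a separate count, and nothing checks
 * that the two agree. If `count` exceeds what `dst` holds, memcpy writes past
 * the end of the heap allocation. Only call this when the caller has already
 * proven the fit; it is here to show what the missing check looks like. */
size_t copy_stats_unchecked(void *dst, const struct stat_entry *src, size_t count)
{
    size_t len = count * sizeof(struct stat_entry);
    memcpy(dst, src, len);
    return len;
}

/* Hardened form: the caller passes the real capacity of `dst`, the length
 * computation is checked for wrap-around before it is used, and any request
 * that does not fit is refused before a single byte is written. */
int copy_stats_checked(void *dst, size_t dst_cap, const struct stat_entry *src,
                       size_t count, size_t *written)
{
    if (dst == NULL || src == NULL || written == NULL)
        return STATS_EINVAL;
    if (count > SIZE_MAX / sizeof(struct stat_entry))
        return STATS_ETOOBIG;               /* count * sizeof would wrap */
    size_t len = count * sizeof(struct stat_entry);
    if (len > dst_cap)
        return STATS_ETOOBIG;               /* would run past the end of dst */
    memcpy(dst, src, len);
    *written = len;
    return STATS_OK;
}

/* Demonstration: a two-entry destination asked to receive two, then four,
 * entries. Returns 0 when the checked copy accepts the first and refuses
 * the second. */
int demo(void)
{
    struct stat_entry src[4] = { {1, 10, 100}, {2, 20, 200},
                                 {3, 30, 300}, {4, 40, 400} };
    struct stat_entry dst[2];
    size_t n = 0;

    int ok  = copy_stats_checked(dst, sizeof dst, src, 2, &n);  /* fits */
    int bad = copy_stats_checked(dst, sizeof dst, src, 4, &n);  /* refused */

    printf("2 entries: rc=%d wrote=%zu bytes\n", ok, n);
    printf("4 entries: rc=%d (nothing written)\n", bad);
    return (ok == STATS_OK && bad == STATS_ETOOBIG) ? 0 : 1;
}

int main(void)
{
    return demo();
}
```

The wrap-around test on `count` matters as much as the capacity test: on a 64-bit kernel a large count multiplied by the record size can wrap to a small value that passes a naive `len <= dst_cap` comparison, so the multiplication is guarded before the result is trusted.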

The published material includes sample exploit code and commentary on what is happening, and confirms that the work was inspired by “Ned Williamson’s fuzzer,” which convinced Beer to take a look at the netkey code.

Comments added to the publication since confirm that Apple has patched this issue in iOS 12.1.3 and macOS 10.4.3, meaning that only iOS versions pre-dating the release of iOS 12.1.3 are susceptible to this exploit. This is yet more great work by the famous Ian Beer and another win for the expertise of Google’s Project Zero team. It is also potentially a win for the jailbreak community as a whole, if someone with the necessary skills takes up the challenge of piecing together a jailbreak from the various exploits and bugs that have filtered into the public domain recently.

We’ve seen a lot of activity in the jailbreak community recently: updates to unc0ver and Electra, multiple new iOS 12.x.x exploits announced and published, and even the release of OsirisJailbreak12, an incomplete iOS 12 jailbreak aimed purely at developers. Even with all of this activity, however, nothing concrete has yet been published or announced to suggest that a public-facing iOS 12.x.x jailbreak is imminent.

It will take some time for someone to pull all of the necessary components together and to get past the remaining niggles, such as bypassing CoreTrust, but it would still be a positive sign to have a clear declaration of intent from someone that they were working toward that.

For now, if you want to take a look at the exploit, head over to the Project Zero issue tracker hosted at Chromium.
