iOS 11.2 - iOS 11.2.2 Jailbreak Is Close!


A jailbreak for iOS 11.2 through iOS 11.2.2 may come sooner than we think. On January 29th, the Zimperium team published details of two vulnerabilities in the bluetoothd daemon, both of which Apple patched in iOS 11.2.5.

The first vulnerability (CVE-2018-4095) gives an attacker full relative control of the stack in CoreBluetooth, which effectively amounts to an ASLR bypass, and leads to memory corruption in bluetoothd.
CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team

The second major vulnerability (CVE-2018-4087) allows arbitrary code execution in several critical iOS daemons by hijacking the session between each daemon and bluetoothd. Affected daemons include SpringBoard, mDNSResponder, aggregated, wifid, Preferences, CommCenter, iaptransportd, findmydeviced, routined, UserEventAgent, carkitd, mediaserverd, bluetoothd, coreduetd and others.
CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team

Those are just two vulnerabilities reached through the bluetoothd daemon. Adam Donenfeld, also of the Zimperium team, has teased that he holds a further kernel-level bug. In a series of tweets, Donenfeld confirmed that Apple has finally acknowledged his "kernel heap overflow" and fixed it as part of the iOS 11.2.5 release, listed as CVE-2018-4109 in Apple's security release notes. He also stated that he did not write an exploit for the bug himself, but that it is "accessible from the sandbox" and that existing frameworks, such as the one from Jonathan Levin, could put it to use for a pre-iOS 11.2.5 jailbreak.

The existence of this bug means that a jailbreak for iOS 11.2 through iOS 11.2.2 is a realistic possibility, though a kernel bug reachable from the sandbox is only the key component: it still has to be turned into a reliable exploit and integrated into a jailbreak toolchain. At the time of writing, the latest jailbreakable version of iOS is iOS 11.1.2, using tools such as Electra or LiberiOS.
