Ian Beer
@i41nbeer
5 Jun 2018

iOS 11.4 patched kernel memory corruption bugs I reported in two distinct areas: mptcp and vfs. My exploit for the mptcp bug is here: bugs.chromium.org/p/project-zero… Please read the README. It requires an Apple developer cert.

Ian Beer
@i41nbeer
5 Jun 2018

That is the same bug as already publicly documented from the patch by @elvanderb and exploited by @jaakerblom, see John's repo here: github.com/potmdehex/mult…

Ian Beer
@i41nbeer
5 Jun 2018

The vfs bug doesn't require an Apple developer cert but is considerably harder to exploit. You get to write 8 NULL bytes off the end of a kalloc.16 buffer. It's sufficiently hard to exploit that it's worth trying just to demonstrate that such issues are reliably exploitable...

Ian Beer
@i41nbeer
5 Jun 2018

see e.g. The Poisoned Nul Byte, 2014 by @scarybeasts googleprojectzero.blogspot.com/2014/08/the-po… . But it takes time. The mptcp exploit is mostly recycled bits of earlier exploits. The getvolattrlist bug needs some new techniques.

Ian Beer
@i41nbeer
5 Jun 2018

The trigger is here: bugs.chromium.org/p/project-zero… If you're into iOS exploit dev take a go at it and blog about it! I'll publish what I have soon, hopefully this week.

Ian Beer
@i41nbeer
5 Jun 2018

Finally: always keep your personal iOS devices up to date and only use these tools on devices which don't have any personal information and are only used for research.

Kane B
@IndieDevKB
5 Jun 2018

What’s vfs stand for?

smokin1337
@smokin1337
5 Jun 2018

Virtual file system, I’m pretty sure

Forstart
@arlison_reyes
5 Jun 2018

So about how long will it take to make the jailbreak?

Tyler
@Yktv_Ty
5 Jun 2018

Depends on how long coolstar takes to update Electra now that the exploit came out 👍

Not Adrian.mmv_
@NotAdrian_mmv
5 Jun 2018

Wen is dA exPlOyt Gunna B RElieSe?

Vic
@heatedvic
5 Jun 2018

That is the exploit, silly

H4U
@h4u911
5 Jun 2018

Thanks for all your hard work 🎉💙🎉

Beastron
@TheBeastron
5 Jun 2018

I love you