Team Pangu is back, and one of its members has shared something interesting on Twitter. The iOS kernel has become harder to exploit, and kernel bugs used to be the main way jailbreaks worked. Continue reading after the break.
Wang Tielei disclosed that Apple has patched a bug in the IOSurface kernel extension. Here is what he said, "
Here is how this could have been used.
Turning this into a jailbreak is extremely hard: it needs at least one more vulnerability to be chained with it. Still, it matters, because it may be usable for a jailbreak of iOS 10.3 through 11.1.2.
- The attacker creates a port and then releases it; the user-mode port name still points to the kernel port address that has just been freed (a dangling reference).
- The attacker then performs a cross-zone attack, reclaiming the freed memory with controlled data so that the dangling name now refers to a fake port.
- Through the fake port the port's address becomes readable, giving a kernel heap address leak.
- From the leaked heap address the attacker derives the kernel base address.
- By filling in a fake task port, the attacker obtains kernel read and write.
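The first three steps of that chain, modelled in user mode as an added example (this is not Pangu's code and not the IOSurface bug itself, which was not published). A toy fixed-size zone with a LIFO free list stands in for a kernel zone, a small name table stands in for the user-mode port namespace, `struct port` and its fields stand in for the kernel port object, and `port_kobject_addr` stands in for whatever interface reports the object's address; all of these are assumptions for the demo. The buggy release is shown beside a corrected one that invalidates the name, so the reader can see why the dangling reference is what makes the reclaimed memory reachable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Pangu's code. Toy "zone": fixed-size slots with a
 * LIFO free list, so the most recently freed slot is the next one handed
 * out, which is what makes reclaiming a freed object predictable. */
#define SLOT_SIZE 32
#define NSLOTS 4
#define NNAMES 4

static _Alignas(16) unsigned char zone[NSLOTS][SLOT_SIZE];
static int free_stack[NSLOTS];
static int free_top;

static void zone_init(void) {
    free_top = 0;
    for (int i = NSLOTS - 1; i >= 0; i--)
        free_stack[free_top++] = i;          /* slot 0 is handed out first */
}

static void *zone_alloc(void) {
    return free_top > 0 ? zone[free_stack[--free_top]] : NULL;
}

static void zone_free(void *p) {
    int slot = (int)(((unsigned char *)p - zone[0]) / SLOT_SIZE);
    free_stack[free_top++] = slot;           /* reused by the next alloc */
}

/* Stand-in for the kernel port object; field names/encoding are assumed. */
struct port {
    uint32_t kind;       /* 1 = ordinary port, 2 = task port */
    uint64_t kobject;    /* address of the kernel object behind the port */
};

/* user-mode name -> kernel port object: this is the reference that dangles */
static struct port *name_table[NNAMES];

static int port_create(uint64_t kobject) {
    struct port *p = zone_alloc();
    if (!p) return -1;
    p->kind = 1;
    p->kobject = kobject;
    for (int n = 0; n < NNAMES; n++)
        if (!name_table[n]) { name_table[n] = p; return n; }
    zone_free(p);
    return -1;
}

/* Modelled bug: the object is freed but the user-mode name is kept. */
static void port_release_buggy(int name) {
    zone_free(name_table[name]);
}

/* Corrected release: the name goes away together with the object. */
static void port_release_fixed(int name) {
    zone_free(name_table[name]);
    name_table[name] = NULL;
}

/* Cross-zone reclaim: attacker-shaped data allocated from the same zone
 * lands in the slot the dangling name still refers to. */
static void *spray_fake_port(const struct port *fake) {
    struct port *p = zone_alloc();
    if (p) memcpy(p, fake, sizeof *p);
    return p;
}

/* Assumed stand-in for an interface that reports an object's address for
 * a name; through the dangling name it leaks the reclaimed slot's address. */
static uint64_t port_kobject_addr(int name) {
    return (uint64_t)(uintptr_t)name_table[name];
}

static int dangling_name_is_attacker_controlled(void) {
    zone_init();
    memset(name_table, 0, sizeof name_table);
    int name = port_create(0x1000);
    port_release_buggy(name);                              /* step 1 */
    struct port fake = { .kind = 2, .kobject = 0xdeadbeef };
    void *slot = spray_fake_port(&fake);                   /* step 2 */
    uint64_t leak = port_kobject_addr(name);               /* step 3 */
    return leak == (uint64_t)(uintptr_t)slot
        && name_table[name]->kind == 2
        && name_table[name]->kobject == 0xdeadbeef;
}

static int fixed_release_invalidates_name(void) {
    zone_init();
    memset(name_table, 0, sizeof name_table);
    int name = port_create(0x1000);
    port_release_fixed(name);
    struct port fake = { .kind = 2, .kobject = 0xdeadbeef };
    spray_fake_port(&fake);
    return name_table[name] == NULL;    /* spray is unreachable via the name */
}

int main(void) {
    printf("dangling name reclaimed by fake port: %s\n",
           dangling_name_is_attacker_controlled() ? "yes" : "no");
    printf("fixed release leaves nothing to reach: %s\n",
           fixed_release_invalidates_name() ? "yes" : "no");
    return 0;
}
```

The model stops at the heap leak; deriving the kernel base and building a fake task port (steps 4 and 5) depend on kernel layout details the post does not give, so they are not modelled here.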