Two vulnerabilities are involved: CVE-2017-13865, a kernel flaw that allows an application to read restricted memory, and CVE-2017-13861, a weakness in IOSurface that can be leveraged to execute arbitrary code with kernel privileges. Apple patched both in early December with the release of iOS 11.2.
Google Project Zero researcher Ian Beer has released the exploit in an effort to help security researchers analyze Apple devices by running their own tools. His exploit was tested on the iPhone 7, iPhone 6s and iPod Touch 6G running iOS 11.1.2; he believes support can easily be added for other devices.
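Since the article gives both the patched release (iOS 11.2) and the release the exploit was tested against (iOS 11.1.2), the practical question for a defender is which devices in an inventory still sit below the fix. The script below is an added example, not code from the article or from Project Zero; the inventory line format (`device_name,ios_version`) and the device names are constructed for illustration, and the only fact it takes from the article is that iOS 11.2 closed both CVEs. It compares versions numerically rather than as strings, so a hypothetical `11.10` would correctly rank above `11.2`.

```python
"""Flag devices still exposed to CVE-2017-13865 / CVE-2017-13861.

Added example (not from the article or Project Zero). Apple shipped the fix in
iOS 11.2, so any device reporting a lower version is still unpatched. The
inventory format below is constructed for illustration; real MDM exports vary.
"""
from typing import List, Tuple

# Release that closed both bugs, per the article.
PATCHED_VERSION = "11.2"
AFFECTED_CVES = ("CVE-2017-13865", "CVE-2017-13861")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '11.1.2' into (11, 1, 2) so comparison is numeric, not lexical.

    A plain string comparison would rank '11.10' below '11.2'; tuples of ints
    compare field by field. Missing trailing fields are padded with zeros.
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def is_patched(version: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the device runs the patched release or anything newer."""
    return parse_version(version) >= parse_version(patched)


def find_exposed(inventory: List[str]) -> List[Tuple[str, str]]:
    """Return (device_name, version) pairs for unpatched devices.

    Each inventory line is 'device_name,ios_version' (constructed format).
    Lines that fail to parse are reported rather than silently treated as safe.
    """
    exposed = []
    for line in inventory:
        if not line.strip() or line.startswith("#"):
            continue
        try:
            name, version = (f.strip() for f in line.split(",", 1))
            if not is_patched(version):
                exposed.append((name, version))
        except ValueError:
            # Malformed line: surface it instead of assuming it is patched.
            exposed.append((line.strip(), "unparseable"))
    return exposed


# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = [
    "# name,ios_version",
    "iphone7-lab-01,11.1.2",
    "iphone6s-lab-02,11.2",
    "ipodtouch6g-lab-03,11.0.3",
    "iphone7-lab-04,11.2.1",
]

if __name__ == "__main__":
    for name, version in find_exposed(SAMPLE_INVENTORY):
        print(f"{name}: iOS {version} still exposed to {', '.join(AFFECTED_CVES)}")
```

Run against a real export, the only thing to adapt is the line parsing; the version comparison and the "unparseable lines are not safe" rule carry over unchanged.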
How does it work?
The researcher’s release provides task_for_pid 0 (tfp0), a call that hands the caller the kernel task port and is therefore useful for jailbreaking, together with a local kernel debugger.
The vulnerabilities necessary for a jailbreak have become increasingly difficult to find, and Apple has built in many of the features that once required third-party apps and jailbroken devices.
Many users are hoping to see an iOS 11 jailbreak in the coming weeks, but Apple might fix it anyway with another update.
- iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules (bugs.chromium.org)