Min Zheng made waves in the jailbreaking community with a recent announcement that he had discovered a key exploit. A follow-up post to social media has now confirmed that Zheng and his team have arbitrary kernel read/write on iOS 11.3 and that they will be working with Apple to patch the bugs, a setback for those working on an iOS 11.3 jailbreak.
Zheng first revealed the potential for an iOS 11.3 jailbreak a few weeks ago, leading many to anticipate a future in which the current firmware and the jailbreakable firmware were one and the same. In an unfortunate turn for the iOS 11.3 jailbreak community, Zheng has now announced that he will cooperate with Apple rather than with jailbreakers in order to patch the very bugs that enterprising developers so desperately want to exploit.
The initial news was that Zheng and his team had managed to bypass KASLR (kernel address space layout randomization), a defense that loads the kernel at a random location in memory on each boot rather than at a fixed one, so that an attacker cannot rely on known kernel addresses. It is an important hurdle for would-be hackers and for anyone looking for an expedient iOS 11.3 jailbreak. The latest post from Zheng simply says “Well, break KASLR and gain arbitrary kernel R/W on iOS 11.3,” and includes a screenshot as proof of the exploit. For most readers this snippet won’t mean much, but for those working on the iOS 11.3 jailbreak it is a major deal, and Zheng may be going directly to the “enemy” that will impede efforts to crack this notoriously difficult update.
Well, break KASLR and gain arbitrary kernel R/W on iOS 11.3: pic.twitter.com/bTpDclgE49
— Min(Spark) Zheng (@SparkZheng) April 11, 2018
Min Zheng is a security researcher associated with Alibaba. He has no vested interest in creating an iOS 11.3 jailbreak and instead plans to inform Apple of the problems so that the company can tighten its security. Researchers like him play a major part in software development by trying to break what developers thought was secure and advising on how to patch the holes so that the integrity of the software is maintained.
Apple has been notoriously resistant to opening up its operating system, choosing instead to lock things down as much as possible. This strategy has generally paid off: the seamless ecosystem runs the same way on each of its devices. A large part of the appeal of Apple products is that ecosystem itself; the ease with which the various devices interact makes the company an easy choice for those who value convenience and can afford it. Apple has worked hard to prevent an iOS 11.3 jailbreak, just as it worked to prevent every previous crack of its operating system. Because Apple stops signing older firmware, those who have already upgraded to the latest version cannot go back and are out of luck for now, and Min Zheng may have made an iOS 11.3 jailbreak significantly harder by taking news of the holes to Apple rather than sharing it with the community at large.
Min Zheng has since confirmed that his team would indeed work with Apple on making the operating system more secure.
We submitted a talk about these vulnerabilities and exploit techniques to a conference. If the talk is accepted, we will help Apple to fix these problems and disclose the detail of the vulnerabilities. https://t.co/gaLPHiQ6DX
— Min(Spark) Zheng (@SparkZheng) April 11, 2018
The good news in all this is that the conference talk and the work with Apple will probably reveal details of the bugs to the general public, perhaps opening up the possibility of a jailbreak on this version of the operating system. Once a new patch is released, however, those on the latest firmware may be out of luck when it comes to an iOS 11.3 jailbreak.
While informing Apple of the problems is, as mentioned above, a setback for jailbreakers, the fact remains that Apple has little control over the software already installed on a phone. Apple cannot change iOS 11.3 itself after it has shipped; the only real fix is a follow-up release, meaning that an iOS 11.3 jailbreak may still be more likely than we think. It is 11.3.1 that may be the real obstacle.
Overall, it’s difficult to say whether we’ll see an iOS 11.3 jailbreak in the near future. While it’s possible that the information shared with Apple will reach the public through some sort of leak, it’s more likely that developers working on the iOS 11.3 jailbreak will be left to their own devices, either rediscovering what Zheng and his team have already found or turning up a new vulnerability entirely.