We only just received Electra’s iOS 11.4.1 jailbreak late last week, but it sounds like an iOS 12 jailbreak could be just around the corner. Ian Beer from Google’s Project Zero has now released a kernel exploit for iOS 12.1.2. Although this exploit isn’t a full-fledged iOS 12.1.2 jailbreak, it could represent a major step in that direction.
We’ve been hearing calls for an iOS 12 jailbreak for months, almost since Apple pushed out the new version of its mobile operating system. Thus, many in the jailbreak community are probably thinking that it’s about time.
Exploit could lead to iOS 12.1.2 jailbreak
According to Redmond Pie, Beer’s kernel exploit comes on the heels of colleague Brandon Azad’s recently announced “voucher swap” exploit. Azad explained how he exploited a bug that Apple ended up patching in iOS 12.1.3. It involves creating a “fake kernel task port,” which then enables a developer to write to kernel memory. Apple attributes the discovery of the bug to Azad and Qixun Zhao from Qihoo 360 Vulcan.
Ian Beer’s new kernel exploit builds upon that previous vulnerability. It exploits what Redmond Pie describes as a “kernel heap overflow bug in PF_KEY due to lack of bounds checking when retrieving statistics.” Beer’s exploit could result in an iOS 12.1.2 jailbreak and should also apply to macOS 10.14.2.
He published details of his exploit, including sample code and an explanation of what happens. He also credited “Ned Williamson’s fuzzer” with inspiring him to examine the netkey code that led to his work. Beer published his findings on the Chromium bug tracker, where you can read more about his iOS kernel exploit.
Public iOS 12 jailbreak could be near
Developers have been working hard to crack iOS 12 for quite some time. So far there have been some partial jailbreak tools like OsirisJailbreak12, which was designed entirely for developers because it’s incomplete. However, there hasn’t been any solution for the average member of the jailbreak community—someone with enough skill to break their iOS device out from Apple’s tight grip, but not enough knowledge to take a partial jailbreak and turn it into something usable on their own device.
However, now that Beer has released his findings, it seems likely that at least one of the well-known jailbreak developers, such as Electra, unc0ver or others, will pick up the torch and run with it. Of course, we must add that there were reports about a WebKit RCE exploit for iOS 12.0.1 released as early as November, so it could still be a while before a public jailbreak becomes available. A key question now is which developer will officially release a publicly available iOS 12.1.2 jailbreak for the rest of the community.