Is Google dropping a powerful iOS exploit that could allow full iPhone jailbreak?
The upcoming release may just be the first part of more public releases to be made by Google.
The infosec community is reportedly freaking out after a Google security researcher took to Twitter to announce an upcoming release of a powerful iOS exploit. The tweet has reportedly stirred up excitement because iOS exploits are fairly rare. For instance, the last public iPhone jailbreak was reportedly available only for iOS 10 and it doesn't even work on iPhone 7.
Motherboard reported that Google Project Zero researcher Ian Beer, who is also a well-known iOS bug hunter and has previously even discovered zero-days in iOS, recently tweeted about publicly unleashing an iOS 11 exploit. The announcement has since led to the jailbreaking community to speculate that the upcoming release may be a massive step toward an iPhone jailbreak.
iPhone jailbreaks are highly valuable and commonly sought-after by exploit developing firms. In 2016, mere months after Apple released iOS 10, Zerodium – a software exploits broker – offered a massive $1.5m (£1.1m) bounty to anyone who could find zero-day vulnerabilities in iOS 10.
Some security researchers reportedly believe that the tool could be used to fully jailbreak an iPhone. Beer's tweet also hinted at the possibility that the upcoming release may just the first part of more releases to be made by Google.
Security researcher Marco Grassi, who has previously jailbroken devices for Tencent's Keen Lab, told Motherboard that using Beer's yet-to-be released tool, it will "definitely be doable to make a complete jailbreak, especially for [iPhone] 6s and previous ones.
If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon.
— Ian Beer (@i41nbeer) December 5, 2017
Motherboard reported that Beer discovered and reported five of the recently patched 15 iOS 11.1.2 vulnerabilities. The exploit about to be released may likely have already been patched by Apple. However, security experts reportedly believe that Beer's upcoming release may help security researchers to hunt around for more iOS bugs.
"They are releasing the bare minimum required to allow security researchers to research iOS," a former unnamed Apple security engineer told Motherboard.
A day after Beer tweeted about releasing the exploit, Apple expert Jonathan Levin, who has authored a series of books on Mac OSX and iOS internals, wrote on Twitter that he intends to release a library that security researchers and developers can use to integrate Beer's soon-to-be-released tool. Levin told Motherboard that the dynamic library could help researchers develop a complete iPhone jailbreak.
Coming soon: The #jailbreak toolkit - a dylib for those people who end up with a send right to the kernel_task port (a.k.a tfp0) in their process, but don't know what to do next.
— Jonathan Levin (@Morpheus______) December 7, 2017
It is still unclear as to when Beer intends to release the exploit.
This is not the first time that iOS exploits have been publicly released by security researchers. In August, a hacker leaked the decryption key to Apple SEP (Secure Enclave Processor) firmware, which hackers could leverage to access previously encrypted iOS elements. Later that same month, a security researcher publicly released zIVA – a fully functional kernel exploit that affected iPhones and iPads running 10.3.1, which allowed hackers to root Apple devices.
