In today's video, we're discussing a new kernel vulnerability PoC that was released for iOS 12.1.4 and 12.1.3, and we're also discussing the upcoming iOS 12.2 vulnerabilities from Ned of Google Project Zero and whether these can be used for a jailbreak or for downgrades with SHSH2 blobs. Today's PoC comes from security researcher maldiohead of the Qihoo 360 Nirvan Team. He posted the kernel heap info leak vulnerability (CVE-2019-6207), which also works from inside the iOS sandbox, making it an interesting vulnerability to play with.
Unfortunately, this vulnerability was patched back in iOS 12.2. No idea why maldiohead decided to release it only now, but it is not a new vulnerability that was patched in 12.3. At any rate, this vulnerability does not provide the kernel task port, so no tfp0, hence it cannot be directly plugged into an existing jailbreak to update it to iOS 12.1.3 and iOS 12.1.4. To make matters worse, Ned's upcoming PoCs for iOS 12.2 and lower also don't provide the kernel task port, which makes their use rather limited.
While a kernel heap info leak is definitely a hefty vulnerability (as the kernel is supposed to be isolated from userspace), it is unfortunately too little for a full jailbreak, which requires full read/write access to kernel memory (usually achieved with tfp0). Do not forget to subscribe to stay updated with the latest #iOS and #Jailbreak news.
▽ Resources ▽
▶ iOS 12.2 / 12.1.4 / 12.1.3 JAILBREAK GOOD NEWS | NEW EXPLOITS TO COME
▶ How to Install Unc0ver and Chimera JAILBREAK WITHOUT COMPUTER (NO PC) iOS 12.0 – 12.1.2
▶ AWESOME iOS 12 CYDIA TWEAKS: BEST FREE Tweaks to Install On iOS 12.0 – 12.1.2