In today's video, we're discussing the release of a new iOS 12.1.3 vulnerability that has been patched by Apple in iOS 12.1.4 and has now been made publicly available. I am talking about CVE-2019-7286, which is a privilege escalation in Foundation. The ZecOps Research Team did a very good job of detailing the vulnerability and building a proof of concept for it, and they've detailed a few key points relating to this vulnerability. First, although this is not a kernel vulnerability and it doesn't give you tfp0 or the kernel task port, it's usable for a jailbreak as one link in a bigger exploit chain. Also, according to ZecOps, the vulnerability seems to be "of critical severity and could have been used potentially also to maintain persistence after reboots", which hints at untethered stuff going on.
Of course, the proof of concept is very useful for a #jailbreak developer to understand where the bug is and what it can do, but it is not an exploit, which means that if jailbreak developers want to use this particular vulnerability in an iOS 12.1.3 jailbreak, they would need to build an exploit for it. The ZecOps blog provides a heap of information about this vulnerability and where the bug is, but one should keep in mind that since this was listed by Apple in #iOS 12.1.4's security contents, it was patched in iOS 12.1.4, so only iOS 12.1.3 and lower are affected.
Anyway, this is pretty good news for those of you who were unfortunate enough to have to update to a newer iOS version because of jailbreak issues or a boot loop, or whose phone updated overnight so that they could no longer use the Unc0ver jailbreak. This is definitely not the end game when it comes to jailbreaking iOS 12.1.3, but it's a good start. I will keep you informed as more info unfolds.
▽ Resources ▽
▶ More details about this vuln on ZecOps' blog
▶ AWESOME iOS 12 CYDIA TWEAKS: BEST FREE Tweaks to Install On iOS 12.0 – 12.1.2
▶ iOS 12.1.2 / 12 Unc0ver JAILBREAK RELEASED! HOW TO JAILBREAK iOS 12 (A8x-A11)
▶ iOS 12.1.2 / iOS 12 HOW TO JAILBREAK WITHOUT A COMPUTER (NO PC / NO 7-Days Re-Sign)
▶ HOW TO JAILBREAK iOS 12.1.2 / 12.0 (NO PC) WITH RootlessJB & Install Filza