If you thought iOS 11.3 brought with it the disclosure of multiple vulnerabilities present in iOS 11.2.6 and older, you are absolutely right. Every day, new vulnerabilities and Proof Of Concepts pop in for iOS 11.2 all the way up to iOS 11.2.6. All these vulnerabilities are mostly different ranging from WebKit vulnerabilities in Safari, all the way up to Kernel vulnerabilities in the iOS itself.

iOS 11.3 mitigated all these vulnerabilities and therefore, it is not considered safe for jailbreak purposes for the moment, but iOS 11.2.x? Perfect. WebKit vulnerabilities, kernel ones, sandbox escapes, things start to settle down pretty well for those of you waiting on iOS 11.2.x for a jailbreak to happen. If a couple days ago we had nothing to use to at least begin poking at iOS 11.2.x, now we can leak the kASLR slide of the Kernel and cause memory corruption in Safari with a brand new WebKit vulnerability from Google Project Zero.

Google Project Zero researchers have made this WebKit (CVE-2018-4121) vulnerability publicly available and it is definitely interesting considering that many jailbreaks in the past have used WebKit vulnerabilities to deploy the jailbreak exploit. Maybe a new JBME? Although it is unknown for the moment whether the developers will be able to use these vulns for jailbreak purposes, the simple fact that they exist and have been publicly demoed by Google Project Zero researchers goes to show that there is a lot of potential in iOS 11.2.x and is just a matter of time until a jailbreak could be created for it.



▽ Resources ▽
Learn how to make iOS Apps!
WebKit vulnerability
The PoC Code
The video about the x18 leak vulnerability
The previous vulnerability
Min (Spark) Zheng's iOS 11.3 0day details


About GeoSn0w

C#, C, Objective-C Programmer | Beginner iOS Security Researcher | Content Creator | Web Developer I like to bring the latest news from the iOS / iDevice / Jailbreak battlefield to you in a beautiful manner :) I hope you like the site. If you do, don't forget to check out my channel :)