Google is About to Release an iOS Jailbreak Exploit


Ian Beer, a researcher on Google’s Project Zero security team, tweeted a couple of hints suggesting he will soon publicly release an iOS exploit that can be used for jailbreaking. It may sound surprising that a Google employee would do this, but it is part of Project Zero’s normal modus operandi: the team routinely hunts for bugs in other companies’ software, Apple’s included.

It might be embarrassing for Apple that a rival found a vulnerability in its code, but Project Zero gives vendors 90 days to ship a fix before publishing details. Apple has therefore most likely had the bug report, and been working on a fix, for the past three months.

Jailbreaking

Jailbreaking, once a popular pastime among iOS hackers, has been declining lately. A jailbreak uses one or more vulnerabilities to gain kernel-level privileges and disable Apple’s software restrictions, most importantly the code-signing enforcement that limits a device to App Store apps. It lets you install apps, themes, and extensions not available in the App Store.

In the early days of the iPhone, jailbreaking was popular because Apple tightly limited what iOS could do. As the system matured, Apple kept adding features that had previously been available only through jailbreaking. With less reason to jailbreak, the community is smaller than it once was.

The Exploit

Motherboard says that the tweet carries a lot of meaning for jailbreakers. The “tfp0” it references is short for “task for pid 0”, i.e. task_for_pid(0): a send right to the kernel’s own Mach task port. Whoever holds that port can read and write kernel memory through ordinary Mach calls, which amounts to control over the core of iOS. Beer hinted that there is more to come. Mentioning iOS 11.1.2 is significant as well, because public exploits for a recent iOS version are rare.
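To make “control of the core of iOS” concrete, here is an added example of what holding the kernel task port lets user space do. This is not code from the article or from Ian Beer’s release: the Mach calls (mach_vm_read_overwrite, mach_vm_write) are the real API that jailbreak tooling wraps once an exploit hands it tfp0, while the byte-array backend, the kmem_t abstraction, and the kernel load address are constructed for the example so the logic compiles and runs off-device. The kernel base is assumed to be already known to the caller; on a real device it must be leaked separately because of KASLR.

```c
/* Added example (not from the article or Ian Beer's code): what holding the
 * kernel task port, "tfp0", gives user space. The Mach calls are the real
 * API; the byte-array backend is a stand-in so the logic compiles and runs
 * off-device. The kernel load address is assumed known to the caller. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MH_MAGIC_64 0xfeedfacfu  /* magic of a 64-bit Mach-O such as the iOS kernelcache */

/* Kernel memory access abstracted over a backend, so the same higher-level
 * code runs against a real tfp0 on-device or against constructed bytes here. */
typedef struct kmem {
    int (*read)(struct kmem *k, uint64_t addr, void *buf, size_t len);
    int (*write)(struct kmem *k, uint64_t addr, const void *buf, size_t len);
    void *ctx;
} kmem_t;

#ifdef __APPLE__
#include <mach/mach.h>
#include <mach/mach_vm.h>

/* Real backend: the "port" is a send right to the kernel task, obtained from
 * an exploit. Reading another task's memory through its task port is ordinary
 * Mach behaviour; the privilege lies entirely in which task the port names. */
static int tfp0_read(kmem_t *k, uint64_t addr, void *buf, size_t len) {
    mach_port_t tfp0 = (mach_port_t)(uintptr_t)k->ctx;
    mach_vm_size_t out = 0;
    kern_return_t kr = mach_vm_read_overwrite(tfp0, (mach_vm_address_t)addr,
                                              (mach_vm_size_t)len,
                                              (mach_vm_address_t)(uintptr_t)buf, &out);
    return (kr == KERN_SUCCESS && out == len) ? 0 : -1;
}
static int tfp0_write(kmem_t *k, uint64_t addr, const void *buf, size_t len) {
    mach_port_t tfp0 = (mach_port_t)(uintptr_t)k->ctx;
    kern_return_t kr = mach_vm_write(tfp0, (mach_vm_address_t)addr,
                                     (vm_offset_t)(uintptr_t)buf,
                                     (mach_msg_type_number_t)len);
    return kr == KERN_SUCCESS ? 0 : -1;
}
kmem_t kmem_from_tfp0(mach_port_t tfp0) {
    kmem_t k = { tfp0_read, tfp0_write, (void *)(uintptr_t)tfp0 };
    return k;
}
#endif

/* Constructed backend: a byte array standing in for kernel memory at `base`. */
typedef struct { uint8_t *mem; size_t size; uint64_t base; } fake_kernel_t;

static int fake_in_range(fake_kernel_t *f, uint64_t addr, size_t len) {
    if (addr < f->base) return 0;
    uint64_t off = addr - f->base;
    return off <= f->size && len <= f->size - off;
}
static int fake_read(kmem_t *k, uint64_t addr, void *buf, size_t len) {
    fake_kernel_t *f = k->ctx;
    if (!fake_in_range(f, addr, len)) return -1;
    memcpy(buf, f->mem + (addr - f->base), len);
    return 0;
}
static int fake_write(kmem_t *k, uint64_t addr, const void *buf, size_t len) {
    fake_kernel_t *f = k->ctx;
    if (!fake_in_range(f, addr, len)) return -1;
    memcpy(f->mem + (addr - f->base), buf, len);
    return 0;
}
kmem_t kmem_from_buffer(fake_kernel_t *f) {
    kmem_t k = { fake_read, fake_write, f };
    return k;
}

/* First thing tooling does with a claimed tfp0: read the kernel's own Mach-O
 * header at its load address. 1 = magic matches, 0 = wrong bytes, -1 = read
 * failed (not really a kernel port, or wrong address). */
int looks_like_kernel_task_port(kmem_t *k, uint64_t kernel_base) {
    uint32_t magic = 0;
    if (k->read(k, kernel_base, &magic, sizeof magic) != 0) return -1;
    return magic == MH_MAGIC_64 ? 1 : 0;
}

/* 64-bit read/write helpers: the primitives jailbreaks build on to walk
 * kernel structures and patch fields once the port is in hand. */
int kread64(kmem_t *k, uint64_t addr, uint64_t *out) { return k->read(k, addr, out, sizeof *out); }
int kwrite64(kmem_t *k, uint64_t addr, uint64_t val) { return k->write(k, addr, &val, sizeof val); }
```

On a device the caller would wrap the port an exploit produced with kmem_from_tfp0() and pass the result to the same helpers; the kmem_from_buffer() backend exists only so the checks can be exercised against constructed bytes. The point the example makes is that nothing in the read and write path is exotic: the same Mach calls a debugger uses on a user process become arbitrary kernel read/write the moment the port they are given names the kernel task.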

Cydia, the jailbreaking app store

There are a couple of caveats, however. First, Beer is unlikely to release a full, untethered jailbreak, which means the iPhone would have to be plugged into a computer and re-exploited every time it restarts. It also won’t make it easy to install Cydia, the popular jailbreaking app store, or to sideload pirated or malicious apps.

Researchers believe Beer’s exploit will help those who have complained that they lack easy access to special devices with fewer security features, which would let them find more bugs. Sometimes, several iOS security researchers told Motherboard, you need to chain together several bugs, or even a jailbreak, in order to find other bugs.

A former Apple security engineer, speaking on condition of anonymity, told Motherboard that this exploit would give security researchers the bare minimum tools to research iOS. This suggests that security research, not jailbreaking, is the main focus; using the exploit to jailbreak is a side effect, not the point.

brett_x:

…but Project Zero gives companies 90 days to fix it before going public.

Mentioning iOS 11.1.2 is significant as well, because it’s rare for recent iOS versions to have zero day exploits like this.

So, it’s probably already fixed in 11.2, which makes it a non-zero day. I didn’t get that from the first read. That said, I think it’s great if it really is for security research, especially since it’s already patched (probably).

Lee Dronick:

Project Zero gives companies 90 days to fix it before going public

They should give them 90 months, or better yet be a grown-up and not say anything about it to the public.