An iOS 12.1 jailbreak vulnerability has been found and will be disclosed after Apple patches it



When will the iOS 12 jailbreak arrive? No one can give a clear answer to this question, but SorryMybad (who is honest and dazzling), a member of the Qihoo 360 Vulcan Team security research team, recently used an iPhone X to successfully crack iOS 12.1 and complete a jailbreak at the Tianfu Cup 2018 cracking contest. To celebrate, he also announced that if Apple fixes this vulnerability, he will release the iOS 12.1 jailbreak vulnerability source code, so upgrading to iOS 12.1.1 is not recommended.

According to the brief description from the Tianfu Cup contest, SorryMybad used a Safari web page to trigger the vulnerability and obtain kernel read permission on the iPhone X, but no detailed information is available on how it actually works.
However, there is a JailbreakMe video on the Internet that uses a web page on iOS 12. On the right is the video in which SorryMybad used JailbreakMe to complete a jailbreak on iOS 11.4, and judging from the background, both devices were filmed in the same environment. This seems to confirm that there is a Safari web page vulnerability on iOS 12 that allows a one-click JailbreakMe from a web page. After the conference, SorryMybad also announced on Twitter: "If the follow-up iOS 12 official version fixes this vulnerability, the details of this vulnerability will be disclosed. If you are interested in research, please keep it on iOS 12.1."
This statement also suggests that the iOS 12.1 JailbreakMe vulnerability discovered by SorryMybad may be patched in the next release, iOS 12.1.1, which also confirms that the jailbreak vulnerability for the A11 processor can be used on iOS 12 through iOS 12.1.

More troublesome is that the new iPhone XS/XS Max/XR devices use the latest A12 processor, to which Apple has added a number of advanced defense mechanisms, such as Pointer Authentication Codes (PAC), to prevent iOS attacks. KeenLab security researcher Liang Chen has previously succeeded in jailbreaking the A12 processor, and has already demonstrated an iOS 12.1 jailbreak and security keynotes at the hacking contest hosted by POC (Power of Community) in Korea.
However, SorryMybad has also made good progress on the A12 processor. He shared an image of an iPhone XS Max running iOS 12.1, annotated with the text "A12". Judging from the picture, he has successfully obtained "tfp0" on an iPhone XS Max running iOS 12.1.

What is tfp0?

tfp0, short for "task for pid 0", is the kernel task port, which gives the user kernel-level control over iOS. For an iOS jailbreak, tfp0 can be said to make up 80% of the jailbreak development work; of course, you can also use it together with futurerestore to perform an upgrade.
After the details of a tfp0 vulnerability are made public, jailbreak development teams can develop plug-ins for that iOS version. For example, the iOS 11 jailbreak relied entirely on the tfp0 vulnerability disclosed by Project Zero member Ian Beer.

A bigger concern: does the vulnerability used in the Tianfu Cup contest also include the tfp0 vulnerability on the iPhone XS Max? If not, only devices with the A11 processor and older can be jailbroken, and the three latest iPhone models with the A12 processor will not support the jailbreak and will have to keep waiting.

Should I upgrade to iOS 12.1 and wait for jailbreak?

Should you upgrade to iOS 12.1? The decision is in your own hands; Mr. Mad will only report the current state and progress of jailbreak development.
It has not been confirmed whether an iOS 11.4.1 jailbreak will be launched earlier than the iOS 12.1 jailbreak. Jailbreak developer sparkey has also said in the past that an iOS 12 jailbreak should take at least more than half a year to launch, and it is still not certain whether iOS 12.1.1 will fix the vulnerabilities held by SorryMybad. Can this vulnerability also allow the iPhone XS/XS Max/XR devices to be jailbroken? When will the vulnerability be disclosed? There are too many uncertainties.
It is recommended to keep waiting on your current version. Once an iOS 12 jailbreak vulnerability is definitely released and a jailbreak is being prepared, that will be the time to upgrade. Finally, users who want to jailbreak should remember not to keep upgrading, or they will miss the jailbreak. If you have already upgraded to iOS 12.1, it is also recommended to follow the "turn off iOS 12 OTA update reminder" tutorial, which can effectively prevent an accidental tap from starting an upgrade.
