iOS 12.1 sandbox escape vulnerability source code exposed: is an iOS 12 jailbreak near?

iOS 12.1 powerful Safari sandbox escape vulnerability source code exposed, is a jailbreak near?
The iOS 12 jailbreak effort is still gathering momentum. Shortly after Apple stopped signing iOS 12.0.1, developer Brightiup released the vulnerability code for CVE-2018-4415, which is patched in iOS 12.1; a security researcher together with Beyond Security's SecuriTeam then disclosed the more powerful QuartzCore heap overflow sandbox escape vulnerability, which affects iOS 12.1 and macOS 10.14.

What is the QuartzCore vulnerability?

QuartzCore (also known as CoreAnimation) is primarily a framework for building animated scene graphs on macOS and iOS. CoreAnimation uses a fairly unusual rendering model in which graphics operations are performed by a separate handler process. On macOS this handler is WindowServer, and on iOS it is backboardd.
These handlers run outside the sandbox and can call setuid. The QuartzCore service, also known as CARenderServer, exists on both macOS and iOS and is reachable from the Safari browser sandbox, which is why it is frequently targeted in Pwn2Own scenarios. The reported bug is an integer overflow that leads to a heap overflow in QuartzCore on the latest macOS and iOS.
The vulnerability lies in the QuartzCore function CA::Render::InterpolatedFunction::InterpolatedFunction, which does not account for integer overflow.
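As an added illustration (not the QuartzCore source and not the disclosed exploit), the following C shows the bug class described above: a size computation that wraps in 32-bit arithmetic and yields an undersized heap allocation, beside the overflow-checked form a reviewer would expect. The function names, the count/stride layout, and the sanity cap are assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical sanity cap on a function table; not a QuartzCore constant. */
#define MAX_TABLE_BYTES (64u * 1024u * 1024u)

/* Vulnerable pattern: the byte size of `count` samples of `stride` bytes is
 * computed in 32-bit arithmetic, so a large product wraps to a small value
 * and a heap buffer allocated from it is undersized for the data that is
 * later copied into it. */
uint32_t unchecked_table_bytes(uint32_t count, uint32_t stride) {
    return count * stride;  /* silently wraps on overflow */
}

/* Hardened pattern: detect the wrap and refuse the request rather than
 * allocating an undersized buffer. Returns 0 when the request is rejected. */
uint32_t checked_table_bytes(uint32_t count, uint32_t stride) {
    uint32_t total;
    if (__builtin_mul_overflow(count, stride, &total))
        return 0;  /* mathematical product does not fit in 32 bits */
    if (total == 0 || total > MAX_TABLE_BYTES)
        return 0;  /* empty or unreasonably large table */
    return total;
}

/* True when the unchecked computation silently wrapped for this input,
 * i.e. exactly the case the hardened version rejects. */
bool size_would_wrap(uint32_t count, uint32_t stride) {
    return (uint64_t)count * stride != unchecked_table_bytes(count, stride);
}

/* Allocate a zeroed table only when the size computation is sound. Returns
 * true if a buffer was obtained; it is released again because this function
 * only demonstrates the check, not a consumer of the table. */
bool try_alloc_table(uint32_t count, uint32_t stride) {
    uint32_t bytes = checked_table_bytes(count, stride);
    if (bytes == 0)
        return false;
    void *buf = calloc(1, bytes);
    if (buf == NULL)
        return false;
    free(buf);
    return true;
}
```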

Apple's advisory for this vulnerability

CoreAnimation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4415: Liang Zhuo (working with Beyond Security's SecuriTeam Secure Disclosure)

Pangu's IOHID vulnerability on iOS 12.0.x can obtain tfp0

In addition, although the Pangu team no longer releases jailbreaks, this year they also presented an IOHID vulnerability that obtains tfp0 on iOS 12.0.x. If you are interested, click "Let me see the slide" to learn more. Unfortunately the details in the presentation are not thorough; it only shows a small PoC, and there is no complete code for obtaining tfp0.

Does this mean an iOS 12 jailbreak is coming?

Currently the iOS 12 jailbreak is still in the initial stage of accumulating vulnerabilities, and no jailbreak developer has taken it on yet. Although Siguza confirmed that the QuartzCore bug is a powerful vulnerability that can be exploited effectively, it cannot form a complete jailbreak on its own: a kernel bug, an amfi bypass, and root partition read/write are also needed. An iOS 12 jailbreak will realistically take at least 3 to 4 months, and is unlikely to target iOS 12.1; the most likely candidate is iOS 12.0.x, so it is recommended to stay on iOS 12.0.x or iOS 12.1 and not rush to upgrade.
However, after seeing this vulnerability, iOS 11 jailbreak developer pwn20wnd said he will try to use the QuartzCore bug on iOS 11.4.1. If that proves feasible, the next release will most likely be an iOS 11.4.1 jailbreak; after all, the iOS 11 bug chain is richer and more mature than that of iOS 12, so progress will be faster.
