Ian Beer, a researcher on Google’s Project Zero security team, tweeted a couple of hints suggesting he will soon publicly release an iOS exploit usable for jailbreaking. It may sound surprising that a Google employee would do this, but it is part of Project Zero’s modus operandi: the team routinely searches other companies’ software for bugs and reports them.
It might be embarrassing for Apple to have a rival find an exploitable bug in its code, but Project Zero gives vendors a 90-day disclosure deadline to ship a fix before details go public. So Apple has most likely been working on a fix for the past three months.
Jailbreaking
Jailbreaking, once a popular pastime for iOS hackers, has been declining lately. An iOS jailbreak removes Apple’s software restrictions on the device, letting you install apps, themes, and extensions that are not available in the App Store.
In the iPhone’s early days, jailbreaking was popular because Apple limited what iOS could do. As the system matured, Apple kept adding features to iOS that were previously only available through jailbreaking. Since fewer people needed to jailbreak, the community is smaller than it once was.
The Exploit
Motherboard says the tweet carries a lot of meaning for jailbreakers. The “tfp0” it references stands for “task for pid 0”, that is, task_for_pid(0): the Mach call that hands a user-space process the kernel task port. Holding that port lets the process read and write kernel memory, which amounts to control of the core of iOS. Ian hinted that there is more to come. Mentioning iOS 11.1.2 is significant as well, because public exploits for a current iOS release are rare.
However, there are a couple of caveats. First, Ian is unlikely to release a full, untethered iOS jailbreak. A tethered jailbreak means you have to plug the iPhone into a computer every time you restart it. It also won’t make it easy to install Cydia, the popular jailbreaking app store, or to install other pirated or malicious apps.
Researchers believe Beer’s exploit will help those who have complained that they don’t have easy access to special devices with fewer security features that would help them find more bugs. Sometimes, several iOS security researchers told me, you need to chain together several bugs or even jailbreaks to find other bugs.
A former Apple security engineer, speaking on condition of anonymity, told Motherboard that this exploit would give security researchers the bare minimum tools needed to research iOS. This suggests that security research, not jailbreaking, is the main focus; using the exploit to jailbreak is a side effect rather than the point.
So, it’s probably already fixed in 11.2, which makes it a non-zero day. I didn’t get that from the first read. That said, I think it’s great if it really is for security research, especially since it’s already patched (probably).
It’s possible the exploit has already been patched. I couldn’t find anything on Apple’s security page.
They should give them 90 months, or better yet be a grown-up and not say anything about it to the public.