Google's Project Zero iOS bug hunter Ian Beer has released details about an iOS 11 exploit that could offer up a jailbreak for iOS 11.1.2.
Beer last week teased that he had an exploit called 'tfp0', which is short for the kernel task port in iOS, and has today followed with an exploit using two recently patched flaws that may offer the rare prospect of a possible jailbreak on iOS.
It appears what he has released isn't a full jailbreak but enough to allow security researchers to bypass software restrictions imposed by Apple and test a newish version of iOS. It may also help create a jailbreak for those interested in testing iOS 11.1.2 or below.
Beer published details of an 'async_wake' exploit and proof-of-concept local kernel debugging tool for iOS 11.1.2 on Monday. Apple released iOS 11.2 on December 2, so the tools won't work on updated iPhones.
Team Pangu researcher Wang Tielei described iOS 11.2 as a "big loss" as it blocked a kernel vulnerability that could be exploited from within an iOS app sandbox.
Beer's exploit uses a combination of the IOSurface bug, another kernel bug patched in iOS 11.2, and specially crafted kernel messages to get the prized tfp0 on Apple devices.
Beer confirmed his technique does work on iPhone 7, iPhone 6s, and iPod Touch 6G if they're running iOS 11.1.2. He notes that it should be simple to port to other models. He also tested it on a MacBookAir 5,2 running MacOS 10.13.