iOS 11.3 Jailbreak Updates

As you may know by now, Apple has officially released iOS 11.3 to the public. Compatible iPhone and iPad owners around the world can now download and install Apple’s latest mobile firmware, but the release also has jailbreak fans asking, with some urgency, where they stand as far as iOS 11.3 is concerned.

The first thing to note is that nothing official has been released to the jailbreak community for the final build of iOS 11.3. Granted, iOS 11.3 spent quite a while in pre-release, and it makes little sense for researchers and developers to burn exploits or vulnerabilities against firmware that is still in testing, since Apple can patch them before the public build ships. So some of the more advanced individuals in the community could be sitting on something substantial that only surfaces now that iOS 11.3 is final, but that is currently unknown, as there has been no official word on it yet.

With that said, we do already know that Abraham Masri, who has previous form in the jailbreak community, found what he called a “0day” vulnerability in earlier pre-release beta versions of iOS 11.3. Under normal circumstances, the release of a “0day” would have the community celebrating one of the major pieces of a jailbreak falling into place.

However, this time around even Masri himself conceded that it may not be particularly useful in its current form, though it could become useful going forward in the right hands and when chained with other exploits. There is no word yet on whether anyone has taken up that challenge or is actively working towards that goal.

Right now, iOS 11.1.2 is the latest publicly jailbreakable firmware. Apple no longer signs iOS 11.1.2, so the only way back to it is FutureRestore, which requires, among other things (such as saved SHSH blobs for iOS 11.1.2), that Apple still be signing a firmware whose SEP is compatible with iOS 11.1.2. That firmware is iOS 11.2.6, and with iOS 11.3 now public it is only a matter of time before Apple stops signing it. Device owners who want to move back to iOS 11.1.2 for jailbreak purposes are therefore running out of time.

With iOS 11.3 now public, researchers and individuals in the jailbreak community can be more open about anything they are working on, since the firmware is final and Apple cannot patch it except by shipping a new version. That is why we hope to see more concrete information filter out soon.

iOS 11.3 also fixes the following vulnerabilities:

Clock

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes
  • Description: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed through improved access restrictions.
  • CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)

CoreFoundation

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4155: Samuel Groß (@5aelo)
  • CVE-2018-4158: Samuel Groß (@5aelo)

CoreText

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Processing a maliciously crafted string may lead to a denial of service
  • Description: A denial of service issue was addressed through improved memory handling.
  • CVE-2018-4142: Robin Leroy of Google Switzerland GmbH

File System Events

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4167: Samuel Groß (@5aelo)

Files Widget

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: File Widget may display contents on a locked device
  • Description: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.
  • CVE-2018-4168: Brandon Moore

Find My iPhone

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password
  • Description: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.
  • CVE-2018-4172: Viljami Vastamäki

iCloud Drive

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4151: Samuel Groß (@5aelo)

Kernel

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious application may be able to execute arbitrary code with kernel privileges
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2018-4150: an anonymous researcher

Kernel

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2018-4104: The UK’s National Cyber Security Centre (NCSC)

Kernel

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2018-4143: derrek (@derrekr6)

Mail

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail
  • Description: An inconsistent user interface issue was addressed with improved state management.
  • CVE-2018-4174: an anonymous researcher, an anonymous researcher

NSURLSession

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4166: Samuel Groß (@5aelo)

PluginKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4156: Samuel Groß (@5aelo)

Quick Look

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4157: Samuel Groß (@5aelo)

Safari

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing
  • Description: An inconsistent user interface issue was addressed with improved state management.
  • CVE-2018-4134: xisigr of Tencent’s Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department

Safari Login AutoFill

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.
  • Description: Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics.
  • CVE-2018-4137
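The Safari Login AutoFill entry above describes a page harvesting autofilled data without the user interacting with the form. The code below is an added example, not Apple's fix and not code from this page: it is a simple heuristic a page-auditing script or extension could run over a form's input fields to flag sensitive fields that are autofill-eligible but effectively invisible to the user (transparent, zero-sized, or positioned off-screen). The field descriptors, the viewport size and the field names are all constructed here to stand in for what a real script would read from `getBoundingClientRect()` and `getComputedStyle()`; the heuristic itself is an assumption, not Apple's.

```javascript
// Added example: flag sensitive, autofill-eligible form fields that the user
// cannot actually see. Field descriptors are plain objects constructed to
// mirror what getBoundingClientRect()/getComputedStyle() would return in a page.

// Input types and autocomplete tokens that browsers commonly autofill with
// personal data (assumed set for this example, not exhaustive).
const SENSITIVE_TYPES = new Set(["password", "email", "tel"]);
const SENSITIVE_AUTOCOMPLETE = new Set([
  "username", "current-password", "new-password", "email", "tel",
  "cc-number", "cc-csc", "street-address", "postal-code",
]);

// Assumed viewport for the constructed sample.
const VIEWPORT = { width: 1280, height: 800 };

function isSensitive(field) {
  return SENSITIVE_TYPES.has(field.type) ||
         SENSITIVE_AUTOCOMPLETE.has(field.autocomplete || "");
}

// Returns the reasons a field is effectively invisible, or [] if it is
// plausibly visible to the user.
function hiddenReasons(field, viewport = VIEWPORT) {
  const reasons = [];
  const s = field.style;
  const b = field.rect;
  if (s.display === "none" || s.visibility === "hidden") reasons.push("not rendered");
  if (Number(s.opacity) === 0) reasons.push("opacity 0");
  if (b.width === 0 || b.height === 0) reasons.push("zero size");
  if (b.x + b.width <= 0 || b.y + b.height <= 0 ||
      b.x >= viewport.width || b.y >= viewport.height) reasons.push("off-screen");
  return reasons;
}

// Sensitive fields that would be autofilled but cannot be seen: the shape
// of the autofill-exfiltration trick described in the advisory entry.
function findAutofillTraps(fields, viewport = VIEWPORT) {
  return fields
    .filter(isSensitive)
    .map(f => ({ name: f.name, reasons: hiddenReasons(f, viewport) }))
    .filter(x => x.reasons.length > 0);
}

// Constructed sample: a login form with a visible username and password box,
// a transparent e-mail box, an off-screen phone box, and an ordinary hidden
// CSRF token (type=hidden is never autofilled, so it must not be flagged).
const SAMPLE_FIELDS = [
  { name: "user", type: "text", autocomplete: "username",
    style: { display: "block", visibility: "visible", opacity: "1" },
    rect: { x: 100, y: 200, width: 240, height: 32 } },
  { name: "pass", type: "password", autocomplete: "current-password",
    style: { display: "block", visibility: "visible", opacity: "1" },
    rect: { x: 100, y: 250, width: 240, height: 32 } },
  { name: "email", type: "email", autocomplete: "email",
    style: { display: "block", visibility: "visible", opacity: "0" },
    rect: { x: 100, y: 300, width: 240, height: 32 } },
  { name: "tracker_tel", type: "tel", autocomplete: "tel",
    style: { display: "block", visibility: "visible", opacity: "1" },
    rect: { x: -5000, y: 0, width: 240, height: 32 } },
  { name: "csrf", type: "hidden", autocomplete: "off",
    style: { display: "none", visibility: "visible", opacity: "1" },
    rect: { x: 0, y: 0, width: 0, height: 0 } },
];

if (typeof require !== "undefined" && require.main === module) {
  // Prints the two trap fields: "email" (opacity 0) and "tracker_tel" (off-screen).
  console.log(JSON.stringify(findAutofillTraps(SAMPLE_FIELDS), null, 2));
}
```

The check is deliberately conservative: it only reports fields a browser would consider autofill candidates and that fail a visibility test, so a normal hidden CSRF token is not reported. In a real page the same logic would run over `document.querySelectorAll("input")`, and a field flagged here is exactly the kind that Safari's improved heuristics are meant to stop filling without explicit user interaction.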

SafariViewController

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Visiting a malicious website may lead to user interface spoofing
  • Description: A state management issue was addressed by disabling text input until the destination page loads.
  • CVE-2018-4149: Abhinash Jain (@abhinashjain)

Security

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious application may be able to elevate privileges
  • Description: A buffer overflow was addressed with improved size validation.
  • CVE-2018-4144: Abraham Masri (@cheesecakeufo)

Storage

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4154: Samuel Groß (@5aelo)

System Preferences

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A configuration profile may incorrectly remain in effect after removal
  • Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.
  • CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera

Telephony

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A remote attacker can cause a device to unexpectedly restart
  • Description: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed through improved message validation.
  • CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV

Web App

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Cookies may unexpectedly persist in web app
  • Description: A cookie management issue was addressed through improved state management.
  • CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
  • CVE-2018-4114: found by OSS-Fuzz
  • CVE-2018-4118: Jun Kokatsu (@shhnjk)
  • CVE-2018-4119: an anonymous researcher working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
  • CVE-2018-4121: Natalie Silvanovich of Google Project Zero
  • CVE-2018-4122: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4125: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4127: an anonymous researcher working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4128: Zach Markley
  • CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4130: Omair working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4161: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4162: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4163: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Unexpected interaction with indexing types causing an ASSERT failure
  • Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks.
  • CVE-2018-4113: found by OSS-Fuzz

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Processing maliciously crafted web content may lead to a denial of service
  • Description: A memory corruption issue was addressed through improved input validation.
  • CVE-2018-4146: found by OSS-Fuzz

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious website may exfiltrate data cross-origin
  • Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.
  • CVE-2018-4117: an anonymous researcher, an anonymous researcher

WindowServer

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled
  • Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.
  • CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
