iOS 11.3 Security Notes Point To iOS 11.2.6 Kernel Vulnerability

Apple would have hoped that the release of iOS 11.3 into the public domain would push the focus on the business and how it is continually expanding iOS and releasing updates. However, thanks to information contained within the security update, what it’s actually done is push focus well and truly back to the jailbreak community.

Apple’s web-based document, titled About the security content of iOS 11.3, provides information about security issues and vulnerabilities which have been provided to Apple and which have subsequently been patched with that particular release.

One bug listed, which is given the reference CVE-2018-4143, is attributed to an individual named solely as “derrek”, with its impact described as potentially allowing “an application” which “may be able to execute arbitrary code with kernel privileges.” This is a kernel-level bug, and yes, you guessed it, it could possibly be used for an iOS 11.2.6 jailbreak.

Apple’s own security information suggests that the bug affects iPhone 5s and later, iPad Air and later, and the iPod touch 6th generation as a kernel-level issue, and is actually only one of three kernel vulnerabilities which were patched with the release of iOS 11.3.

The finder of the big, known as derrek, or @derrekr6 on Twitter, is described as a “vulnerability researcher” on his social media profile and has promised to give more information about the vulnerability when the 90-day non-discussion period has ended. Apple makes sure that anyone providing them with bugs, and who is likely compensated for that discovery, cannot talk about the problem until 90 days after the bug was patched.

According to derrek, that gives him more time to play around with the vulnerability and hopefully extend and improve the proof-of-concept that he already has in place. From a jailbreak perspective, there’s no real guarantee that this will allow root or be one of the main components in an iOS 11.2.6 jailbreak.

However, for those who are heavily involved in the jailbreak community, and who aren’t particularly fussed about upgrading to iOS 11.3, and missed the boat with last public jailbreak (iOS 11.1.2 Electra) but want to have a chance of any jailbreak in future, then it could be worth restoring to iOS 11.2.6 right now while Apple is still signing that older firmware. Information regarding how to do that can be found here: How To Downgrade iOS 11.3 On Your Device [Guide].

There will be a little bit of patience involved until we know more about this vulnerability but hopefully, it could all be worth it.

Leave a Reply