John Akerblom, a relatively unknown individual as far as the world of jailbreaking is concerned, has published what he is calling a proof-of-concept for a “simple” iOS 11.3.1 kernel exploit. The Norwegian developer had previously tweeted about this discovery on May 30.
Akerblom may not be known on a global scale as someone heavily involved in the jailbreak world, but given the extent of this work, it’s very likely that many of the more prominent developers and security researchers are aware of what he is capable of from a security perspective.
His May 30 tweet confirmed that Apple’s iOS 11.4 killed “a couple of heap overflows” that were capable of granting “full kernel RWX” from within a normal app. With iOS 11.4 now out in the public domain, it seems that Akerblom has decided to put together a PoC to show off his discoveries as far as iOS 11.3.1 is concerned.
iPhone X 11.3.1 kernel exploit simple PoC for the bug from my 30th May tweet:
https://github.com/potmdehex/multipath_kfree … I am not a developer and promise no further commits. Your turn, ETA boys
It’s interesting to see this particular individual say that he is “not a developer” and suggest that he will be providing no additional work or support on the proof-of-concept. With that said, the write-up and code on the linked GitHub page credit Stefan Esser, Ian Beer of Project Zero, and a number of other individuals with making this type of work possible. A follow-up tweet then confirmed that some additional work had been done to clean up the code, and that the release is a “complete kernel exploit from inside the app sandbox” which anyone with the requisite knowledge can make use of as they see fit.
To be clear, although this code credits Ian Beer of Project Zero, this is likely for the work and exploitation techniques used in extra_recipe. This is not the same kernel exploit that we are all expecting Ian Beer to release into the public domain next week during Apple’s WWDC week.
If you are interested in this, head on over to the official GitHub page for the PoC. You can download that project and compile it if you have the necessary knowledge.
Source: @jaakerblom [Twitter]