Last week, Apple released iOS 11.2.5 with HomePod support, a ChaiOS bug fix, and other improvements.
Before
Here is a description of the vulnerabilities:
The first vulnerability (CVE-2018-4095) provides control over CoreBluetooth (an ASLR bypass), resulting in memory corruption via bluetoothd.
The second vulnerability (CVE-2018-4087) allows arbitrary iOS code to be extracted by hijacking the session between each daemon and bluetoothd. The following daemons are affected: SpringBoard, mDNSResponder, aggregated, wifid, Preferences, CommCenter, iaptransportd, findmydeviced, routined, UserEventAgent, carkitd, mediaserverd, bluetoothd, coreduetd, etc.
Zimperium zLabs confirmed that Apple fixed problems in iOS 11.2.5, as well as in watchOS 4.2.2 and tvOS 11.2.5.
However, it’s too early to rejoice. So far, there is no evidence that a jailbreak can be built on these vulnerabilities. You need to wait until one of the well-known developers confirms or refutes that the vulnerabilities are suitable for jailbreaking iOS 11.2.2.
If it’s possible to create a jailbreak on their basis, it will work only with iOS 11.2.2 and lower, but not with the latest available version, iOS 11.2.5, in which the vulnerabilities have already been fixed. If you have iOS 11.2.2 or lower, we advise you not to update, in case the jailbreak is released.
Meanwhile, Russ Cox from Google also promised to release his exploit, but has already denied rumors that it will be possible to create a jailbreak on its basis.