It was only a couple of weeks ago when I suggested that the age of the iOS jailbreak was coming to an end. But then, last week, a Google researcher revealed how an exploit in iOS 11.1 could be used to create a new tool for side-loading “unauthorised” apps to an iOS device. Apple promptly released a patch for that in iOS 11.2 (and then 11.2.1 to deal with a HomeKit vulnerability). But it seems Apple hasn’t plugged all the jailbreakable holes.
In a blog post (which is in Chinese so I’m relying on various translations) Alibaba’s security researchers say they have found a vulnerability in iOS 11.2 and 11.2.1 that can be used to jailbreak an untethered iPhone and then load software from Cydia, the jailbreak software repository.
The team from Secure Pandora Labs, a division of Alibaba, that discovered the vulnerability has not released a toolkit for it, so it’s not likely you’ll find a complete jailbreak kit ready to use any time soon, although the ingenuity of the developers and researchers that put jailbreak kits together never ceases to amaze me. But it highlights something important.
No matter how walled the garden is and how tightly controlled the system, there’s almost always a way for a sufficiently motivated and skilled party to find a weakness that can be exploited.
iOS is a very mature platform that has been developed as a closed system since day one. In that time, there have been relatively few major security issues, but it is still possible for the system to be compromised.
This new vulnerability, while noted as a method for applying a jailbreak, could potentially be used to install almost any sort of application, whether benevolent or malicious. With the exploit now in the public domain, we can expect Apple to release another patch pretty soon. But if you’re waiting for a jailbreak for your updated iOS 11 device, then perhaps holding off on the next update might be worthwhile.