It was only a couple of weeks ago that I said jailbreaking is basically dead. But it seems no-one told Google security engineer Ian Beer. He’s released detailed information that describes how to exploit a memory corruption vulnerability that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier. This can, he says, be used to create a jailbreak.
Beer did reveal all to Apple before making the exploit, dubbed tfp0 or Task for pid 0, public. And Apple remedied the vulnerability in all four of their operating systems; macOS 10.13.2, iOS 11.2, watchOS 4.2 and tvOS 11.2.
As iOS and macOS share the same codebase, the exploit which could be used for jailbreak on an iPhone or iPad could be used to compromise a Mac.
Looking through those security notes, Beer’s name gets many mentions. He’s a member of Google’s Project Zero team, a group of security researchers tasked with finding zero day vulnerabilities and reporting them to manufacturers. Perhaps the reason this patch was issued promptly by Apple, rather than the time they took to fix KRACK is that Project Zero gives manufacturers 90 days to fix the problem before they go public.
If you’re into jailbreaking, then avoid upgrading to the most recent versions of Apple’s software as the fault is patched in all the “.2” releases. But if you don’t jailbreak – and recent evidence suggests the practice is dying out – then updating to the most recent version of the operating systems will remove that potential vulnerability.