In its guide for Apple Products, Zimperium zLabs announced its intention to release two security vulnerabilities in the iOS 11.2.2 version or lower several days ago. However, the interesting fact is that they were already fixed in iOS 11.2.5.
There is a widespread statement that security exploits can be used to develop a jailbreak for iOS 11.2.2 – iOS 11.2. Today, you can download jailbreak only for iOS 11 – iOS 11.1.2 named LiberiOS jailbreak and Elextra jailbreak. In this way, people who updated to iOS 11.2.2 – iOS 11.2 expect this information to be true.
Nevertheless, in his tweets, Adam Donenfeld, a Zimperium zLabs security researcher, proved that he had not written any exploit. However, he mentioned that someone could use the opportunity to make an exploit using “one of the most hidden vulnerabilities.” He added that it was possible within the framework of the creator of LiberiOS jailbreak, Jonathan Levin. Some of Adam’s statements below:
1/N Apple has finally acknowledged my kernel heap overflow and fixed it on 11.2.5 (CVE-2018-4109). While I didn’t write an exploit, it’s one of the most hidden vulnerabilities I’ve ever found, and it took me a couple of days to trigger it once I found it!
2/N Is there any conference that would be interested in a detailed explanation + review of some tools I wrote to aid in that research?
3/N if it makes it better in any case, this is accessible from the sandbox (so theoretically if someone plans to write an exploit, @Morpheus______’s jailbreak framework can be used with that).
So far, this is great news for jailbreakers who updated to the newest versions iOS 11.2 – iOS 11.2.2. Apple stopped signing iOS 11.2.2, so it’s impossible to go back to iOS 11.2.5 anymore.