Recently, the security researchers reported about multiple Apple iOS bugs and vulnerabilities that could lead to transfer the control of affected iOS devices in the hands of the attackers. Although Apple is releasing continue patches to fix the issues, some of the vulnerabilities provide a chance to exploit Apple devices that are considered to be more secure. Google’s Project Zero researcher lan Beer created a tool for testing the iOS and the Google released this tool to the public.
The Project Zero researcher found an exploit dubbed as “tfp0” that allows iOS users to take full control over the core of iOS as this exploit leverages double-free memory corruption vulnerabilities in the iOS kernel. Beer reported the vulnerability to Apple and then created a powerful iOS to find bugs in iOS 11.1.2 or earlier.
Apple patched the reported vulnerability in the latest iOS 11.2 update. But the devices that are running affected versions of iOS, could face the issues as this exploit can be used to jailbreak iOS and lets users install apps from non-Apple sources.
“tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on iPhone 7, 6s and iPod Touch 6G but adding more support should be easy,” Beer confirmed.
The reason for developing this tool is to allow other security researchers to find bugs and vulnerabilities in the security layers of iOS and send the bugs report to Apple in order to get that fixed.
In addition, the security researcher Jonathan Levin tweeted that the iOS exploit also works on Apple TvOS 11.x and Apple TV 4K.
The users who want to jailbreak iOS 11.1.2 can avoid iOS 11.2 but the rest should update their devices immediately.