iPhone, Mac devices

Google security researcher Ian Beer has published proof-of-concept code for a rooting exploit that works on both iOS and macOS devices.

Beer teased the publication of the code last week via a tweet on his newly created Twitter account.

Yesterday, he published a link to a Google Project Zero discussion about a vulnerability in the iOS and macOS kernels.

In the discussion, the researcher explains that a memory corruption issue allows an attacker to execute malicious code with system-level privileges.

Apple patched the bug at the heart of this exploit two weeks ago. For iOS, Apple tracks the bug as CVE-2017-13861 and fixed it with the release of iOS 11.2 on December 2. It is unclear what CVE number the bug has received on macOS, since Apple does not include detailed descriptions for each fixed issue.

PoC code will help jailbreak iOS devices

Beer published a basic proof-of-concept (PoC) that works on iOS and macOS [1], but also additional, more expanded code for iOS devices [2].

Jailbreaking projects have said they plan on integrating Beer's code into their tools. Beer's PoC will allow users to root devices running iOS versions up to v11.1.2.

"This bug is reachable from the iOS app sandbox as demonstrated by this PoC," Beer says, adding that an attacker will be able to get tfp0 (task for process 0, a.k.a. kernel-level access) and a kernel debugger.

The researcher says he tested the second, more intrusive PoC on 64-bit devices such as iPhone 7, iPhone 6s, and iPod Touch 6G, but, in theory, it should work on all other devices as well.

"You just need to find the [code debugging] symbols," Beer wrote in a README file included with the second PoC.

Beer is a prodigious Google security researcher

CVE-2017-13861 is not the only bug Beer reported to Apple. Just this month, the OS maker fixed five bugs in iOS 11.2 and six bugs in macOS High Sierra 10.13.2, all reported by Beer.

The researcher is part of Project Zero, an elite team of security researchers working for Google. This group searches for security flaws in common tools and applications used by Google and the general public.

The team reports all the issues it discovers to manufacturers for free. In most cases, vendors ship fixes right away. In the past, Project Zero researchers have focused their efforts on the antivirus industry, Microsoft, and Apple products.
