MacRumors

macrumors bot
Original poster
Google security researcher Ian Beer, who works for the Project Zero team, last week highlighted an iOS 11.1.2 exploit called "tfp0," which he believes could be the basis for a future iOS 11.1.2 jailbreak.

Today, Beer released the exploit to the public. He says it should work on all iOS devices running iOS 11.1.2 or below, though he only personally tested iPhone 7, iPhone 6s, and a sixth-generation iPod touch.

What Beer released is not a full iOS 11 jailbreak as some had hoped, but what he's shared could potentially be used to create a jailbreak in the future.

tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G) but adding more support should be easy - Ian Beer (@i41nbeer) December 11, 2017

iOS 11.1.2 is no longer the current version of iOS as Apple released iOS 11.2 on December 2, but Apple is still signing iOS 11.1.2 at this time. Apple will likely stop signing the older update in the near future, and its end could come sooner now that further information on the tfp0 exploit has been released.

Jailbreaking iOS devices has dwindled in popularity in recent years, which has led two major Cydia repositories to close. Both ModMy and ZodTTD/MacCiti, which provided apps, themes, tweaks, and more for jailbroken iOS devices, shut down in November. For the time being, iOS 11 continues to be the only major version of iOS that has not been jailbroken.

Article Link: Google Security Researcher Shares Details on 'tfp0' iOS 11.1.2 Exploit That Could Lead to Future Jailbreak
 
I am a big fan of jailbreaks. However, who really needs it anymore?

Since jailbreaking is a heck of a lot more than installing unapproved apps, I'd say the answer is "anyone who wants to customize their iOS experience."

When this question came up a week or two ago, here's what I posted:

For me, jailbreaking has always been about additional customization. FlipControlCenter, for instance, lets you add different toggles to the pre-iOS 11 Control Center (so you could, for instance, have a Personal Hotspot toggle), have multiple scrollable groups of toggles, select which toggles could and could not be used from the lock screen, etc. It is far superior to the iOS 11 “solution” that Apple came up with.

FlipControlCenter, 3G Unrestrictor, Protect My Privacy, etc... These customizations are so far beyond what Apple allows... and are not available via side loading. As another poster said, it’s not really about apps.

However given the seriousness of some recent iOS security flaws, combined with the amount of sensitive info now accessible from my phone... it just doesn’t make sense to stay on an older, jailbreakable version of iOS. I have an original iPad mini which is still jailbroken - there are one or two non-approved apps I occasionally use. But that device is basically isolated from the rest of my Apple gear, and does not have any personal account apps (e.g. banking) on it.
 
I am a big fan of jailbreaks. However, who really needs it anymore?

I've been holding on to my 9.1 jailbreak for years now, wondering whether the few minor tweaks I have are really worth it. Then I discovered NGXPlay, which allows me to run *any* app in CarPlay, and it was like the good old days all over again. Being able to run Google Maps on my car screen is not just a vast improvement over Apple Maps, it's also a safety boon, since I've often been forced to resort to the iPhone's little screen while driving whenever Apple Maps (so often) screws something up. And like the good old days of jailbreak, along with the relief comes the usual disgust at Apple intentionally preventing simple things (like Google Maps) for the sake of stupid corporate competition.
 
11.1.2 is good enough for me on my iPhone X. On older phones, I'm not so sure. I've already downgraded.

To MacRumors staff - this is big news, and deserves to be on the front page.
I am a big fan of jailbreaks. However, who really needs it anymore?

There are some cool things I will jailbreak for that Apple doesn't allow. For example, picture in picture - being able to keep a video stream from one app running in a small window while using another app. That's enough for me.
 
I'm looking forward to a jailbreak for 11.1.2. Need that adblock and activator. Safari Downloader is also nice to have.

Also, to the comments towards the top: Google's Project Zero gives Apple 90 days to patch the bug before publicly releasing it.
 
A simple question (I'm not a lawyer):
Is publishing an exploit a white-collar crime when Google (competitor) employs this "research man"?

No. It's considered part of the widely accepted "responsible disclosure" doctrine.

Bugs found by the Project Zero team are reported to the manufacturer and only made publicly visible once a patch has been released, or if 90 days have passed without a patch being released.

As for this bug, Apple fixed it in iOS 11.2 and in various MacOS updates.

https://support.apple.com/en-us/HT208334

Interestingly, some here will remember that the very first 1.0.1 iPhone update back in July 2007 was assumed to have been rushed out in order to beat an exploit exposure deadline:

https://www.computerworld.com/artic...ates-iphone--beats-researchers--deadline.html
 
Updated all of my older iPads to 11.1.2 in preparation while it's still being signed. Don't see the need to jailbreak my primary stuff anymore, but older stuff? Makes it easier to run emulators or have them behave in "unofficial" but useful ways (and where stability isn't paramount).
 