Last year the 360 Vulcan team was congratulated by TianfuCup (@Tianfucup) on Twitter after winning the top prize of the Tianfu Cup 2018 PWN contest. They earned it by gaining full access to an iPhone X with a chain of two bugs: a use-after-free (UaF) in the iOS kernel and a type-confusion bug in Safari's JIT.
SorryMyBad (@SorryMyBad) of 360 Vulcan then replied that he would release more information once the bug was fixed, and that is precisely what happened last week. According to RedmondPie, the researcher had promised to hold back the details until Apple patched the reported bug.
As you may already know, Apple released the iOS 12.1.3 developer beta on Monday, and the iOS 12.1.3 public beta 3 followed shortly after. It is still unknown whether the bug SorryMyBad reported is patched in these builds, but it will not be long before someone finds out.
Returning to the bug itself: according to RedmondPie it affects iOS 12.1.2 and below. We also know for sure that it works on all pre-A12 devices, which means that owners of the iPhone XR, iPhone XS and iPhone XS Max (all A12 devices) cannot benefit from it. SorryMyBad also confirmed one more thing: the exploit provides the kernel task port.
GeoSn0w (@FCE365) asked whether or not the kernel task port is provided, and SorryMyBad gave the answer everybody was hoping for: “Absolutely yes.”
GeoSn0w explains why this matters so much: tfp0 (the kernel task port, named after task_for_pid(0)) is what allows arbitrary reads from and writes to kernel memory, and that read/write primitive is also needed to apply the patches a jailbreak requires. Users who want to keep that option open are therefore advised not to update.