A tweet from a Google Project Zero team member has caught the attention of some jailbreakers, who believed that the tweet was talking about a new jailbreaking tool.
Unfortunately, the tweet was referring to a tool for iOS researchers, not for jailbreakers.
The tweet was posted by Twitter user Ben Hawkes, who is a member of Google’s Project Zero and has been credited with discovering numerous bugs in Microsoft Office, Adobe Flash Player, and other programs.
In his tweet, Hawkes pointed out that iOS 10.3.3 patches a vulnerability tracked as CVE-2017-7047. It is a memory corruption issue that allows an application to “execute arbitrary code with system privileges”. CVE-2017-7047, which was discovered by Google Project Zero’s Ian Beer, affects the sixth-gen iPod Touch, fourth-gen iPad and later models, and iPhone 5 and later models.
According to Hawkes, those who are interested in doing userspace research on iOS should avoid iOS 10.3.3 and stay on iOS 10.3.2 and below. He also added that there would be a “tool release next week”.
The latter part of Hawkes’s tweet has caused several people to think that a jailbreaking tool for iOS devices will be rolled out next week. However, this isn’t really the case since the tool is actually for iOS researchers who are focusing on userspace vulnerabilities.
One Redditor with the username BSDIsShit has pointed out that CVE-2017-7047 cannot be used for jailbreaking since it’s a userspace vulnerability. Most functional jailbreaks rely on kernel vulnerabilities, which allow jailbreaking teams to make actual changes on iOS devices.
However, as BSDIsShit notes, all hope is not lost since several kernel vulnerabilities exist in iOS 10.3.2. These are CVE-2017-7009, CVE-2017-7023, CVE-2017-7025, CVE-2017-7027, and CVE-2017-7069. All of them cause memory corruption issues and affect the same devices as CVE-2017-7047.
Let’s cross our fingers and hope that a jailbreaking team is using these kernel vulnerabilities to create a jailbreak for iOS 10.3.2 and/or earlier versions!