Alibaba researchers reportedly jailbreak iOS 11.2.1 on iPhone X
Security researchers at Alibaba's Pandora Labs claims to have jailbroken Apple's recently released iOS 11.2.1 running on iPhone X, proving the latest version of the operating system contains vulnerabilities open to exploit.
"Although iOS 11.2 fixes some security issues, we confirmed on the day of release that the new version will still be able to jailbreak." said Song Yang, head of Ali Secure Pandora Laboratories. "Although we soon escaped iOS 11.2 perfectly, we were limited to security research purposes, so jailbreak tools will not be provided."
Seen in the photo above, taken on Thursday, researchers at Pandora Labs successfully leveraged undocumented iOS 11.2 loopholes to install an eponymous app using Cydia. Earlier today, the blog post was updated to confirm a jailbreak of iOS 11.2.1, Apple's latest firmware iteration.
Apple released iOS 11.2.1 to restore shared HomeKit access, a feature that was temporarily disabled following the discovery of a critical flaw that threatened the security of connected appliances controlled by Apple's smart home platform. The company promised to issue a permanent fix for the issue on Monday.
While Pandora Labs declined to detail techniques used in the jailbreak, an accompanying screenshot suggests the implementation takes advantage of a memory buffer overflow bug to trigger a kernel panic. Researcher Long Lei, who is credited with reporting seven security vulnerabilities to Apple, explained iOS 11.1 contained a flawed SMAP mechanism that could be bypassed. Apple fixed that hole in iOS 11.2, forcing researchers to find other SMAP workarounds.
Today's jailbreak claims come on the heels of Google's release of a tool that assists in hacking iOS devices running iOS 11.1.2. Created by Google Project Zero employee Ian Beer, the proof of concept is designed to help researchers test the security layers of iOS without curating their own exploits.
AppleInsider has affiliate partnerships and may earn commission on products purchased through affiliate links. These partnerships do not influence our editorial content.