Home

Awesome

@RaniXCH

bluetoothdPoC

CVE-2018-4087 PoC

ETA son? (Is it a jailbreak?)

Depends, Got any kernel vulnerability? You're welcome chain them together. This one allow you to have huge attack surface from within the sandbox. https://www.weibo.com/ttarticle/p/show?id=2309404271293301154324 - @SparkZheng - iOS jailbreak internals (2): Escaping sandbox using callbacks

References

https://blog.zimperium.com/new-crucial-vulnerabilities-apples-bluetoothd-daemon/

https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/