Google's Project Zero reveals Apple jailbreak exploit

Ian Beer of Google's Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability. Beer went public after Apple worked out a fix for the kernel memory corruption bug. He even launched a Twitter account for the occasion: If you're interested in bootstrapping iOS 11 kernel …

  1. eldakka
    Pint

    Ian Beer?

    Have a....

  2. Steve Davies 3 Silver badge
    Coat

    Re: Ian Beer

    This must be a 'Bitter' pill for Apple to swallow

    but there is no doubt that Mr Beer is a 'stout' fellow

    Mine's the one with a hip flask containing a hot toddy, perfect for a cold day like today

    1. Anonymous Coward
      Anonymous Coward

      Re: Ian Beer

      I think there are lager bugs to be found.

  3. Anonymous Coward
    Anonymous Coward

    Does it have a useful IPAddress?

  4. Anonymous Coward
    Mushroom

    This is bang out of order!

    All those Apple devices will have to wait for the carrier to package up their variant, then maybe push it out. Of course if it's iOS landfill more than 12 months old then forget it.

    Ooops sorry, getting Apple and Google mixed up again.

    1. Charlie Clark Silver badge
      Facepalm

      Re: This is bang out of order!

      Who was it who did the research to find the bug again?

      1. I ain't Spartacus Gold badge
        Megaphone

        Re: This is bang out of order!

        Who was it who did the research to find the bug again?

        Perhaps if Google spent a bit less time finding bugs in other people's software and gloating about it, and more time finding bugs in their own, and then fucking fixing them for the actual users - then people might be a bit less cynical about them.

        1. Anonymous Coward
          Anonymous Coward

          Re: This is bang out of order!

          Perhaps if Google spent a bit less time finding bugs in other people's software and gloating about it, and more time finding bugs in their own, and then fucking fixing them for the actual users - then people might be a bit less cynical about them.

          I really need more upvotes..

        2. Charlie Clark Silver badge

          Re: This is bang out of order!

          Perhaps if Google spent a bit less time finding bugs in other peoples' software and gloating about it

          I don't remember a single Google Zero report that seemed the slightest bit smug. The project is in Google's own interest: lots of employees own and use Apple devices. Its own record on security isn't bad in terms of how quickly it handles and fixes known bugs. We'll have to see how good Treble is at solving the manufacturer and carrier problem.

          But Project Zero also serves as PR for Google's other services and for developers. Personally, I'd prefer to work at a company that is prepared to take an active role in security.

          1. I ain't Spartacus Gold badge

            Re: This is bang out of order!

            Personally, I'd prefer to work at a company that is prepared to take an active role in security.

            That's the problem right there! Google stick their noses into / take an active role in, other companies' security.

            But when it comes to fixing bugs in Android, suddenly it's somebody else's problem.

            Oh Boo Hoo it's the vendors' fault. We can't do anything about it. Oh poor us!

            No! You designed the fucking software! You make it work! I can accept that they bought in the design, and hadn't predicted the problem in advance. But they've had a decade to get cracking on sorting this out now. And they've done pretty close to bugger all!

            The manufacturers don't want to spend any money on updating their software. But I'll tell you what they want to do even less, and that's write their own phone OS themselves! And seeing as they can't, and even MS couldn't overcome the lack of app support in what was a pretty decent OS - Google have the power to solve this problem relatively easily. Either by fixing the Android update model - or by forcing manufacturers to choose between Google Play Services or not offering updates.

            1. Charlie Clark Silver badge

              Re: This is bang out of order!

              But when it comes to fixing bugs in Android, suddenly it's somebody else's problem.

              The state of deploying patches to Android devices is deplorable. But this is not entirely Google's fault. If consumer groups and regulators put enough pressure on manufacturers then patches might miraculously be delivered faster. As far as I know there is something like this working through the Dutch courts.

              By providing the updates to AOSP and licences as it does, Google absolves itself of all liability. You can shout all you like but that's the legal situation.

              There is perhaps some reputational risk, though I think we'd all acknowledge that most people neither know nor care about security updates going either for the cheapest or shiniest. We'll probably know in a year or two whether Project Treble is an improvement on this.

              Personally, I'm not prepared to wait and have been running CyanogenMod or LineageOS* on my phones for years and the ability to do this is one of my criteria when choosing a phone. Yes, I know this isn't for everyone but caveat emptor.

              1. I ain't Spartacus Gold badge

                Re: This is bang out of order!

                By providing the updates to AOSP and licences as it does, Google absolves itself of all liability. You can shout all you like but that's the legal situation.

                Charlie Clark,

                True. I'm fully aware that this is the legal situation. But Google are still wankers for this way of behaving, and I'll point it out every time I feel it appropriate. Part of my role in damaging their reputation in the way they deserve.

                It's a small effect now, but there's been a change even in El Reg over the last few years. 4 years ago, being rude about Google when they deserved it got you mostly downvotes. But their reputation is slowly getting worse, over their tax policies, updating of Android, abandoning working IoT gear out of greed, creepy data snooping etc. They've still done some great stuff, and I still use some of Google's services - but they don't have the universally sparkly reputation they had 5-10 years ago.

                To me they look like late 90s Microsoft. Greedy, arrogant and seemingly all-powerful. But then "Melissa" and "I love You" hit, and MS are still seen by non-techy people as a security disaster-zone. Despite a decade of hard work, heavy spending and some considerable success in cleaning up their act. They're also still seen as a big, evil monopolist - despite having cleaned up their act in that area somewhat too.

                Their only win over Google is that I don't think the general public see their tax affairs in the same way as Google's...

                Google are one security disaster away from Android being seen as the same insecure mess as XP (last month a million people downloaded the fake WhatsApp from the official Play store because Google were too cheapskate to do their checks properly) - so how long will that take? Maybe never of course. But I suspect it'll happen. And then will the public blame the vendors, or Google? And Google will take all that shit and be unable to fix the issues, as they'll have to get the vendors to push those patches - and it'll take ages.

                Oh and I'm not sure I'd buy a Google Pixel, to avoid the whole Android update shit-show. Because Google are also pisspoor at customer service for physical product. Which was fine when buying el-cheapo Nexus devices, but they want top-money for Pixel. But not to give top-service. That may well come back to bite them too.

                1. Charlie Clark Silver badge
                  Alien

                  Re: This is bang out of order!

                  But Google are still wankers for this way of behaving, and I'll point it out every time I feel it appropriate.

                  In the context of Project Zero this will just make you sound like a bitter fanboi. More important will be to see how Google handles similar reports and whether it's only paying lip service to security and the project is pure PR. The focus will clearly be on their SaaS and PaaS offerings, as that's where the money is.

                  Google are one security disaster away from Android being seen as the same insecure mess as XP.

                  Does look like that from here but I'll guess we'll see.

                  Various companies (Samsung, Blackberry, etc.) now tout hardened Android so there's obviously a market for it. Conveniently for Google other companies are prepared to take on the liability.

                  But we need to remember that Apple's own record on vulnerability discovery, disclosure and fixing is lamentable. I don't have an I-Phone but I've had a Mac for many years and have got used to the basically piss poor quality assurance for each release with things breaking for no good reason and not being fixed within a major version. In this context I, for one, heartily welcome Google's research and with the next breath check what data they're trying to slurp from me.

                  1. I ain't Spartacus Gold badge

                    Re: This is bang out of order!

                    Charlie Clark,

                    In the context of Project Zero this will just make you sound like a bitter fanboi.

                    I don't see why. I'm having a go at Google for doing the easy thing - security research into other people's projects and then sometimes being arses about it. Remember last year when Google disclosed a vulnerability in Windows because MS had got the patch written and tested after the deadline for December patches, and so held it until January? So Google put at risk the security of millions of people by publicly disclosing a bug that was due to be patched in about twenty days' time. That was childish. And clearly suggests that Project Zero is really a marketing attack on its rivals.

                    It's a lot easier, and cheaper, than to fix the gaping flaw in the whole design of Android. Which is the patching model. If Google had worked harder on this, against the obvious crapness of the vendors, I'd have some sympathy. But until recently they've not seemed to give a damn. And they remain pretty ineffective at fixing it.

                    Anyway, If I'm a fanboi, it's not of Apple. My favourite phone OS by far is Windows Phone 8 - now sadly dead. Course it would have been better if MS had looked like they cared about it, or had written it a better browser...

                    I also suspect Apple are dropping the ball on security and quality control. My impression from the outside is that Macs haven't really improved in the last few years and are now no better than Windows 7 or 10 (let's not mention 8). And they deserve less forgiveness for problems, given that in Mac and iOS they completely control the hardware - so testing should be a damn sight easier than they seem to make it. Though my experience of having an iPad is that updates are a lot more reliable than they used to be.

                2. Anonymous Coward
                  Anonymous Coward

                  Re: This is bang out of order!

                  To me they look like late 90s Microsoft. Greedy, arrogant and seemingly all-powerful.

                  .. including either blatant disregard for law (and user rights) for as long as they could get away with it, followed by attempts to buy their way out. Compliance was only ever a last resort.

                  I have been making that comparison for years, even when Groklaw was still staunchly defending Google because they said they would do no evil. In my opinion, they appear to be following the MS playbook almost to the letter. The only thing I haven't seen is Stack-like "collaboration" and a play like SCO vs Linux to damage competition - I guess Apple is still just a tad too dangerous to take on like that.

        3. Dr Mantis Toboggan

          Re: This is bang out of order!

          Actual Google users get updates just fine thanks.

          It sounds like you are too thick to understand there is a difference between Google, Google devices and Android.

          Just shout if you need it explained, or speak to a grown up

          1. I ain't Spartacus Gold badge

            Re: This is bang out of order!

            It sounds like you are too thick to understand there is a difference between Google, Google devices and Android.

            Dr Toboggan,

            Ah the desperate defence of the man who knows he's lost the argument. The personal attack.

            My posts describe how I blame Google for not forcing their vendors to issue updates in a timely manner. If I was feeling ungenerous I might suggest it was because you had trouble understanding the longer words. But I suspect it's more likely from the tone of your trolling that you understand, it's just not a point you have a counter to.

            As it happens there's an argument to say this is still Google's fault, even if the vendors couldn't be made to issue updates. Apple manage it. But Microsoft manage it with Windows and also managed it with Windows Phone, on which you got all patches whether manufactured by MS themselves, Nokia, HTC, LG or anyone else.

            So how come Google couldn't get a working update mechanism built into Android? Given the experience of the last 20 years of security, it was pretty stupid to not build it in from the start. But even allowing for that, they've had over ten years to get this sorted. And failed.

      2. Anonymous Coward
        Anonymous Coward

        Re: This is bang out of order!

        "Who was it who did the research to find the bug again?"

        A rival company with a bug ridden piss poor designed ecosystem.

        Apple - All Devices Patched - Regardless of Carrier. Check

        MS (when they did mobile) - All Devices patched regardless of Vendor or Carrier - Check

        Google - weeellll maybe, if you own some of our newish kit you should be ok, and a fairly recent flagship model from another brand, but only when they can be arsed. But hey, we make shit loads of cash from our Play store and slurping your data, so who gives a fuck eh?

    2. Dr Mantis Toboggan

      Re: This is bang out of order!

      Clearly you are getting Google and Android mixed up. My Google device is patched promptly every month, just like Apple devices are (in fact right now iOS is so flaky it's been patched every other day at the moment)

  5. Tigra 07

    The question now is...

    How will Apple retaliate?

    1. Charlie Clark Silver badge

      Re: The question now is...

      Raising prices? It's what they usually seem to do.

    2. Anonymous Coward
      Anonymous Coward

      Re: The question now is...

      Declare war on Bananas.

      1. Anonymous South African Coward Bronze badge

        Re: The question now is...

        His Ookness has asked me to tell you how p*ssed off he is with your comment, as good bananananananananananas are most scarce to come by these days.

        Yours,

        rINCEWIND

    3. Anonymous Coward
      Anonymous Coward

      Re: The question now is...

      How will Apple retaliate?

      No need. It just patches the problem. Apple never has a problem getting patches to users.

      That said, with that volume of patches of late I almost feel a Microsoft user again :(.

      1. Anonymous Coward
        Anonymous Coward

        Re: The question now is...

        Why would they need to retaliate? He told Apple about the bug, Apple released an iOS update that fixed it, a week later he made the info public. If he was making the exploits public without telling Apple about it I could see where they'd be pissed, but he's helping them out here.

        Besides, if you read the sequence of steps here this is a REALLY esoteric and out there bug. He didn't just find a corner case, he had to build the corner first. If this is an example of the amount of work it takes to find a new jailbreak level attack, Apple is closing in on shutting down jailbreaks entirely.

        1. Anonymous Coward
          Anonymous Coward

          Re: The question now is...

          He didn't just find a corner case, he had to build the corner first.

          LOL, that deserves an upvote on its own, for language. Thanks for the laugh :).

  6. RyokuMas
    Stop

    "Beer went public after Apple worked out a fix for the kernel memory corruption bug."

    "Worked out" - did he give them time to test it?

    Of course, there is then the question of which would be the more damaging - a knee-jerk rush to push out a fix that is potentially under-tested and/or carrying further bugs, or taking the time to make sure that said fix is good but leaving the vulnerability open for a period of time?

    But once again, this is Google deciding to dictate the rules with their usual "disguise attacking the competition behind a mask of altruism" approach. And, judging from the comments appearing with increasing frequency on here, the scales are slowly beginning to fall from people's eyes...

    1. Anonymous Coward
      Anonymous Coward

      "Worked out" - did he give them time to test it?

      Well, it appears they followed responsible disclosure here by announcing the problem a while after it was fixed. Not that I disagree with your assessment of the actual aim of the program, but at least this announcement left a reasonable margin between fix and publication.

  7. Andy 97

    This bug in iOS, is it really that critical?

    I'm asking for a friend...

    1. Packet

      Doesn't seem to be that critical. In the sense that nobody is going to suddenly break into your phone remotely and make it start tearing up your pocket.

      They do say iOS 11.2 fixes it all - but from what I've read, it's a pig's breakfast of an update (though that could just be internet hyperbole)

      1. Andy 97

        Thank you for clarifying that.

        If I've understood you correctly, this means that Mr Beer is stirring up trouble for a rival phone ecosystem and bragging about it on Twitter to publicise how clever he is.

        But from what others have said, [his] employers' phone ecosystem is similarly rubbish too.

        1. Anonymous Coward
          Anonymous Coward

          But from what others have said, [his] employers' phone ecosystem is similarly rubbish too.

          Yes, but THEY control your search results..

      2. Anonymous Coward
        Anonymous Coward

        They do say iOS 11.2 fixes it all - but from what I've read, it's a pig's breakfast of an update (though that could just be internet hyperbole)

        Meh. Hooked the phone up to power and let it do its thing. I hesitate to use a cliché but it genuinely just did what it was supposed to do. That said, I'm certain it's just luring me into not making a backup just that once - it is still an IT device :).

    2. Naselus

      It's not much of a bug tbh, more a means to jailbreak the device.

      It's not trivial to execute, requires some fairly specialized knowledge and tools, can't be executed remotely and the end result is not a final aim for hackers (they might want to jailbreak the device in order to deploy a more useful attack, but won't simply be looking to jailbreak it as their endgame).

      This is kinda useful for security researchers (who like having jailbroken devices for testing purposes) but I wouldn't panic over this.
