Possible iOS 8.1.3 Vulnerability?

I managed to trigger a kernel panic from one of the core built-in iOS applications when I was playing around with my iPhone 6+ (running 8.1.3 non-jailbroken).

It was possible to replicate the crash after several attempts and I have found the method to replicate the crash on demand. Using that method, I was also able to replicate the crash on my iPhone 5S (running 8.1.3 non-jailbroken).

I was unable to replicate the crash on one iPhone 5 (running 8.1.2 non-jailbroken) and one iPhone 6 (running 8.1.2 non-jailbroken). This could be an issue with iOS 8.1.3 only. I have reported the bug to Apple Security.

Update: Tested on iOS 8.2 and the issue was still present.

[snip] ...

Debugger message: panic
OS version: 12B466
Kernel version: Darwin Kernel Version 14.0.0: Mon Jan 12 21:30:05 PST 2015;
iBoot version: iBoot-2261.3.33
secure boot?: YES
Paniclog version: 3
Kernel slide: 0x0000000004600000
Kernel text base: 0xffffff8006602000
Epoch Time: sec usec
Boot : 0x54face5c 0x00000000
Sleep : 0x00000000 0x00000000
Wake : 0x00000000 0x00000000
Calendar: 0x54fad0e2 0x00008ad6
Panicked task 0xffffff808841fb20: 25645 pages, 182 threads: pid 0: kernel_task
panicked thread: 0xffffff80886a21a0, backtrace: 0xffffff800312bab0
lr: 0xffffff80066db3c8 fp: 0xffffff800312bb10
lr: 0xffffff8006620f20 fp: 0xffffff800312bb70
lr: 0xffffff8006915e94 fp: 0xffffff800312bca0
lr: 0xffffff80066d83a0 fp: 0x0000000000000000

[snip] ...
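The paniclog excerpt above carries what is needed to start symbolicating the backtrace against a decrypted 12B466 kernelcache: the KASLR slide and the slid __TEXT base. Subtracting the slide from each lr gives the address of the call site as it appears in the kernelcache on disk, and the Epoch Time rows give the boot and panic wall-clock times. The following Python is an added example, not code from the post or from Apple's tooling; the function names are its own, and it treats an fp of 0 as the end of the frame chain (an assumption that matches the last frame posted).

```python
import re
from datetime import datetime, timezone

# Paniclog excerpt exactly as posted (iPhone 6 Plus, iOS 8.1.3 build 12B466);
# the "[snip]" markers around it in the post are omitted here.
PANICLOG = """\
Debugger message: panic
OS version: 12B466
Kernel version: Darwin Kernel Version 14.0.0: Mon Jan 12 21:30:05 PST 2015;
iBoot version: iBoot-2261.3.33
secure boot?: YES
Paniclog version: 3
Kernel slide: 0x0000000004600000
Kernel text base: 0xffffff8006602000
Epoch Time: sec usec
Boot : 0x54face5c 0x00000000
Sleep : 0x00000000 0x00000000
Wake : 0x00000000 0x00000000
Calendar: 0x54fad0e2 0x00008ad6
Panicked task 0xffffff808841fb20: 25645 pages, 182 threads: pid 0: kernel_task
panicked thread: 0xffffff80886a21a0, backtrace: 0xffffff800312bab0
lr: 0xffffff80066db3c8 fp: 0xffffff800312bb10
lr: 0xffffff8006620f20 fp: 0xffffff800312bb70
lr: 0xffffff8006915e94 fp: 0xffffff800312bca0
lr: 0xffffff80066d83a0 fp: 0x0000000000000000
"""

_HEX = r"(0x[0-9a-fA-F]+)"


def parse_paniclog(text):
    """Pull the fields needed for symbolication out of a paniclog v3 dump.

    Returns a dict with the build, the KASLR slide, the slid __TEXT base,
    the Epoch Time table and the raw (lr, fp) frames, all numbers as ints.
    (Field and function names are this example's own, not Apple's.)
    """
    def field(label):
        m = re.search(r"^" + re.escape(label) + r"\s*:\s*" + _HEX, text, re.M)
        if not m:
            raise ValueError("missing field: " + label)
        return int(m.group(1), 16)

    epoch = {}
    for m in re.finditer(r"^(Boot|Sleep|Wake|Calendar)\s*:\s*" + _HEX + r"\s+" + _HEX,
                         text, re.M):
        epoch[m.group(1)] = (int(m.group(2), 16), int(m.group(3), 16))

    frames = [(int(lr, 16), int(fp, 16))
              for lr, fp in re.findall(r"^lr:\s*" + _HEX + r"\s+fp:\s*" + _HEX, text, re.M)]

    return {
        "os_build": re.search(r"^OS version:\s*(\S+)", text, re.M).group(1),
        "slide": field("Kernel slide"),
        "text_base": field("Kernel text base"),
        "epoch": epoch,
        "frames": frames,
    }


def unslide(addr, slide):
    """Map a runtime kernel address back to its address in the kernelcache on disk."""
    return addr - slide


def unslid_backtrace(info):
    """Return the backtrace as unslid link-register values, innermost frame first.

    The walk stops after the first frame whose fp is 0; this example assumes
    that marks the end of the chain, as in the last frame of the posted log.
    """
    out = []
    for lr, fp in info["frames"]:
        out.append(unslide(lr, info["slide"]))
        if fp == 0:
            break
    return out


def epoch_utc(info, which):
    """Convert one row of the Epoch Time table (sec, usec) to an aware UTC datetime."""
    sec, usec = info["epoch"][which]
    return datetime.fromtimestamp(sec, tz=timezone.utc).replace(microsecond=usec)


if __name__ == "__main__":
    info = parse_paniclog(PANICLOG)
    print("build %s, slide 0x%x, unslid __TEXT base 0x%x" % (
        info["os_build"], info["slide"], unslide(info["text_base"], info["slide"])))
    print("booted %s, panicked %s" % (epoch_utc(info, "Boot"), epoch_utc(info, "Calendar")))
    for lr in unslid_backtrace(info):
        print("  0x%016x" % lr)
```

The unslid __TEXT base the script prints is what the kernelcache's own __TEXT segment address should be once decrypted; if the two disagree, the slide was read from the wrong log or the kernelcache is for a different build. The unslid lr values are the ones to look up in a disassembler, since every lr in the log has already been shifted by the same 0x4600000.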
