You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
That is the same bug as already publicly documented from the patch by @elvanderb and exploited by @jaakerblom, see John's repo here:https://github.com/potmdehex/multipath_kfree …
The vfs bug doesn't require an Apple developer cert but is considerably harder to exploit. You get to write 8 NULL bytes off the end of a kalloc.16 buffer. It's sufficiently hard to exploit that it's worth trying just to demonstrate that such issues are reliably exploitable...
see eg The Poisoned Nul Byte, 2014 by @scarybeasts https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html … . But it takes time. The mptcp exploit is mostly recycled bits of earlier exploits. The getvolattrlist bug needs some new techniques.
The trigger is here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 … If you're in to iOS exploit dev take a go at it and blog about it! I'll publish what I have soon, hopefully this week.
Finally: always keep your personal iOS devices up to date and only use these tools on devices which don't have any personal information and are only used for research.
(footnote: for the vfs bug technically you can control a handful of bits in the 8 overflow bytes, the overflow value is actually two 4 byte flag fields. This may or may not help.)
So we’re gonna have to wait for a while on 11.3.1 since writing a Jailbreak code is hard as what you mentioned.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
