Successful exploitation will give an attacker root status on the device in question.
Ian Beer released a technical explanation of the bug after the standard 90-day disclosure period that Project Zero observes after reporting a bug to the manufacturer.
The code would allow kernel-level access and also provide an initial local kernel debugger, he said.
The exploit works by using memory corruption to run malicious code as the root user.
Beer said he had tested the exploit on an iPhone 7, iPhone 6s, and iPod touch 6G. Adding support for other devices “should be easy”, in his words.
tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G) but adding more support should be easy — Ian Beer (@i41nbeer) December 11, 2017
Microsoft has replied in kind on one occasion, releasing details of a method whereby remote code can be executed within Google's Chrome browser.