Unless you’ve been living under a rock, you’ve undoubtedly witnessed the staggered inclusion of support for iOS 12.4 in the Electra Team’s Chimera jailbreak tool and Pwn20wnd’s unc0ver jailbreak tweak over the course of the past month. This feat was made possible with a revised version of the Sock Puppet exploit dubbed Sock Puppet 3 by security researcher Umang Raghuvanshi (@umanghere).
From what we can gather, today (Sunday, September 8th) is Raghuvanshi’s birthday, and the lad has opted to celebrate his special day by open sourcing the Sock Puppet 3 exploit to the general public, a move that he hopes will contribute to even more great works in the community:
Sock Puppet 3 is now released under the BSD license, and for those unaware, it is a kernel exploit that targets iOS 12.0-12.2 and 12.4. According to Raghuvanshi, “it exploits a dangling kernel pointer to craft a fake task port corresponding to the kernel task and gets a send right to it.”
Raghuvanshi also adds that “it is extremely reliable on any device with more than a gigabyte of RAM. Interested readers may want to investigate how reallocations can be prevented — this might improve reliability even more.”
The open-sourced code is not readily compilable and requires at least some general knowledge about how exploits work to be used. In other words, not just anyone can view the Sock Puppet 3 exploit’s source code and exploit your iOS device(s), which might yield a sigh of relief if you were worried about something like that.
Those interested in viewing the Sock Puppet 3 exploit’s source code will find it on GitHub.
At the time of this writing, iOS 12.4 is still being signed by Apple and can be readily downgraded to on any compatible device via iTunes. Apple released iOS 12.4.1 to the general public more than a week ago, which implies that the signing window is due to close as early as this week. As always, you can check the signing status of any version of iOS via the handy IPSW.me website. Those wanting to jailbreak are advised to downgrade to iOS 12.4 ASAP.
Are you happy to see that the Sock Puppet 3 exploit has been open-sourced? Discuss why or why not in the comments section below.