New kernel bug POC raises hopes for an iOS 13.3.1 jailbreak

Jailbreak tools like unc0ver rely on frequently-released exploits to extend firmware support as Apple launches new versions of iOS. In the past couple of months, unc0ver has picked up support for iOS 13.0-13.3, leaving iOS 13.3.1 users in the dust. Now that iOS 13.4 is publicly available, the golden rule of jailbreaking, to ‘stay on the lowest possible firmware’, comes into focus again.

At the time of this writing, the lowest firmware that Apple continues to sign is iOS 13.3.1, but unc0ver doesn’t yet support this version of iOS. Fortunately, a promising new kernel bug proof of concept supporting iOS 13.3.1 has been shared by Twitter user @_simo36, and while it remains to be confirmed whether this bug can achieve tfp0 (kernel memory read/write), it can purportedly be triggered from within the sandbox.

If tfp0 can be achieved with this new POC kernel bug, then it would be excellent news for the jailbreak community because it would mean that jailbreaks like unc0ver could potentially receive support for iOS 13.3.1. This doesn’t include Apple’s recently released iOS 13.4, but it could at least be a step forward for those who accidentally updated or didn’t downgrade to iOS 13.3 soon enough before the latest versions of unc0ver were released.

Benjamin Weaver, a well-known unc0ver internal beta tester, tweeted yesterday that avid jailbreakers shouldn’t install iOS 13.4, and that those who did should downgrade to iOS 13.3.1 immediately, before Apple closes the signing window:

Hacker and unc0ver lead developer Pwn20wnd retweeted this tweet, adding credibility to the theory that team unc0ver is currently looking into the possibility of using this bug. That said, this doesn’t guarantee its viability, and the recommendation to downgrade is merely precautionary at best.

Whatever the case may be, and whether or not this bug produces a jailbreak for all devices running iOS 13.3.1, it’s still advisable that those itching to jailbreak downgrade from iOS 13.4 and avoid any software updates. If a jailbreak does get released, it’s more likely to support older firmware versions, so iOS 13.3.1 has a much better chance of being jailbroken than iOS 13.4.

Those interested can read more about the kernel bug POC on the developer’s GitHub page.

Notably, the checkra1n jailbreak can already be used to pwn iOS 13.3.1 and even iOS 13.4 because it uses a hardware-based bootrom exploit, but this exploit only supports A7-A11 devices ranging from the iPhone 5s to the iPhone X, whereas unc0ver would be able to support just about every device – newer ones included.

Are you excited to see if anything materializes from @_simo36’s POC? Discuss in the comments section below.