Just last month, hacker and iOS security researcher @08Tc3wBB teased a new exploit that would potentially be viable on iOS and iPadOS 13.6.1. One month later, just two weeks ago, @08Tc3wBB made it known that iOS and iPadOS 13.7 were both vulnerable to this very same exploit. Now, it seems we have confirmation that the exploit will be released for the benefit of the jailbreak community.
In a post shared to /r/jailbreak late last night, @FCE365 (also known as GeoSn0w) appears to question @08Tc3wBB in a direct message about their plans to release the exploit. While we’ve known for some time that @08Tc3wBB planned to release the exploit to the general public at some point, the message provides the first-ever confirmation that it would be shared directly with unc0ver jailbreak lead developer Pwn20wnd.
The responses from @08Tc3wBB provide at least some insight into the state of the exploit and a rough timeline of when we can expect it to go public.
From what we can gather, @08Tc3wBB plans to wait until all the vulnerabilities that make the exploit possible are fully patched by Apple before releasing it. Furthermore, the hacker will share a modified version of their exploit with Pwn20wnd that has been carefully tested for stability and exports tfp0, the kernel task port (task_for_pid(0)), which permits arbitrary reads and writes to a handset’s kernel memory.
Given that Pwn20wnd was specifically name-dropped in this conversation, it remains to be seen if the same exploit will be forwarded to the Odyssey Team at release or not. What we do know is that ZecOps plans to draft a write-up that will discuss the exploit and how it works, and it’s possible that the Odyssey Team may be able to take advantage of it after the fact.
For what it’s worth, Pwn20wnd hasn’t been as active on Twitter as he once was, and hasn’t publicly announced any affiliation with the new exploit by @08Tc3wBB either. With that in mind, we still don’t know for sure whether unc0ver will be updated to add support for iOS & iPadOS 13.7 or not, although we have a strong hunch that it could be.
The best advice we can offer based on the current situation is that if you’re on iOS 13.6-13.7, then stay where you are. Avoid updating to iOS 14, as there isn’t yet a public jailbreak that supports iOS 14 for all devices. Additionally, Apple stopped signing iOS & iPadOS 13.7 just this past week, which prevents user downgrades to a firmware that is allegedly supported by the new exploit. Staying on the lowest possible firmware is always the best option when it comes to jailbreaking.