Arbitrary code execution achieved on iOS 14.5.1 and below, write-up purportedly coming at a later date

Apple just yesterday released iOS & iPadOS 14.6 to the general public to lay the groundwork for Apple Music’s upcoming lossless playback option, support Apple Card Family, and more. But that’s not all…

Also worth noting is that iOS & iPadOS 14.6 patched a number of security vulnerabilities, including one that purportedly allowed security researcher @xerub to gain arbitrary code execution simply by having a carefully crafted certificate parsed.

In a Tweet chain from only a few hours ago, @xerub appears to acknowledge the bug and adds that a full write-up about it will be released at a later date.

In a separate Twitter conversation with @tihmstar, @xerub noted that a release would be likely for this summer, adding that it would “make your head spin.”

The phrase “arbitrary code execution” excites many jailbreakers because it means that code outside of the scope of Apple’s allowances can be deployed on vulnerable handsets. In other words, it could be possible to use this bug to deploy a jailbreak.

We don’t yet know many details about the bug, except that it works on firmware versions prior to iOS/iPadOS 14.6. This also suggests that it should work on any device that supports these firmware versions, up to and including the iPhone 12 lineup.

With that in mind, those looking forward to jailbreaking may want to downgrade their devices’ installed firmware to iOS or iPadOS 14.5.1 while it’s still being signed and before Apple closes the signing window in the near future.

Having said that, there is no concrete ETA for said write-up, nor is there any guarantee that an exploit fit for jailbreaking will materialize. If it does, however, then there’s a strong likelihood that it could be picked up by existing iOS & iPadOS 14-supported jailbreak tools like Taurine and unc0ver.

Even if nothing materializes from this, staying on the lowest possible firmware is hallmark advice for jailbreaking, especially given the fact that older versions of iOS and iPadOS are easier to crack than newer versions because of the existence of more bugs.
