It seemed like jailbreak-viable kernel exploits and security vulnerabilities for iOS & iPadOS 14 had all but disappeared over the course of the past several months, but with iOS & iPadOS 15 right around the corner, that appears to be changing.
A security researcher at Alibaba Security Pandora Lab who goes by the Twitter handle @Peterpan980927 published details on GitHub late Wednesday evening outlining a proof of concept (PoC) of what they call an “XNU IPC Race Condition bug,” and it appears to be reachable from the sandbox.
Update: The PoC was removed from GitHub shortly after being shared. We will update this post if we learn more.
According to the tweet, the bug has been tested on an iPhone 11 running iOS 14.7.1 and a MacBook Pro running macOS versions 11.5.2 and 11.0.1. It’s plausible that the bug works with other hardware and software combinations; however, the documentation isn’t especially clear about which ones are supported.
Given that the security researcher is dropping the PoC ahead of the iOS & iPadOS 15 release candidate, it’s a safe bet to assume that iOS & iPadOS 15 patch the bug demoed in the proof of concept.
The elephant in the room is the question of whether the PoC would be of any use to the jailbreak community. We’ve been unable to confirm that at this time, so it’s something that may warrant extra attention. Even assuming it is viable for jailbreaking, it would likely be just a single piece of the puzzle, as jailbreaks are complex to develop. Currently, the latest public jailbreaks are Taurine and unc0ver, and each one only supports up to and including iOS & iPadOS 14.3.
For those interested in learning more about the PoC, @Peterpan980927 has published it on GitHub.
For what it’s worth, iOS & iPadOS 14.7.1 are still being signed at the time of this writing, and this PoC appears to cover that version of Apple’s mobile operating systems. However, Apple also just released iOS & iPadOS 14.8 to patch a nasty iMessage bug that could have been exploited by malicious hackers.
Are you excited about all the latest iOS & iPadOS security research developments that appear to be making their way out of the woodwork lately? Share your thoughts in the comments section down below.