If you’ve been following along lately, then you might be well-versed in the impressive number of spicy iOS & iPadOS exploits that have been surfacing over the past several weeks.
Between Linus Henze’s Fugu14 untether and Saar Amar’s kernel exploit for iOS 15.0.2 and below, it certainly seems like there could be a lot of exciting things to come. But if you thought that would be the end of all this exploit-centric excitement, then think again…
On Twitter late last night, hacker @realBrightiup shared a screenshot of what appears to be a working kernel-level exploit for iOS 15.1 and below. The screenshot in the Tweet depicts the exploit being tested on an iPhone 13,4, known more colloquially as the iPhone 12 Pro Max, running iOS 15.1 build 19B74.
iOS & iPadOS 15.1 are currently the latest versions of Apple’s mobile operating systems, so this is big.
The screenshot validates that the exploit unlocks writes to kernel memory, which is an important step in achieving arbitrary code execution. But the bigger question is whether the exploit can be accessed from the app sandbox, and we don’t yet know the answer at the time of this writing. Having said that, it’s difficult to ascertain from the available details whether or not it could be used for jailbreaking.
iOS & iPadOS 15 bring a new challenge for jailbreak developers to conquer if they’re to achieve a jailbreak on Apple’s latest and greatest mobile operating system: signed system volume (SSV) protection. This extra barrier means jailbreak developers would need to devise a bypass; otherwise, future jailbreaks would need to be rootless.
With all the kernel exploits that seem to be dropping lately, and many of those including support for certain versions of iOS & iPadOS 15, it should be interesting to see what materializes from it all. After all, these exploits prove one thing: security holes exist in any software update Apple releases, regardless of how hard the company tries to keep hackers out, jailbreak or not.
What are your thoughts about the impressive security research feat shared by @realBrightiup? Let us know in the comments section down below.