Just yesterday, we shared Kunlun Lab security researcher @realBrightiup’s write-up about CVE-2021-30955, a kernel bug that could have resulted in arbitrary code execution with kernel-level privileges via the app sandbox if exploited on iOS or iPadOS 15.0-15.1.1.
While the original write-up didn’t include a proof of concept (PoC) at the time, that didn’t stop some talented hackers from attempting to make their own, and that’s exactly what Alibaba Security Pandora Lab security researcher @Peterpan980927 has done.
In the Tweet shown above, @Peterpan980927 showcases their PoC using @realBrightiup’s bug, and then goes on to compliment it as being a “really awesome bug.”
Unfortunately, while CVE-2021-30955 affects iOS & iPadOS versions 15.0-15.1.1, the bug was only introduced in iOS & iPadOS 15.0, which means it doesn’t affect any iOS or iPadOS 14 version.
While there’s no guarantee that this particular bug will be exploited for the purpose of jailbreaking iOS & iPadOS 15.0-15.1.1, having a PoC is important because it directs jailbreak developers on how to properly use the bug if they wish to implement it into their tools.
Additionally, a resulting exploit wouldn’t be plug-and-play because iOS & iPadOS 15 introduced the Signed System Volume (SSV) security mechanism, which will require an entirely different means of jailbreaking.
While some jailbreaks may go rootless to avoid this, the checkra1n team appears to be planning to use bind mounts instead of union mounts and then create a separate volume for everything that can’t be bind-mounted.
In any case, it’s going to be interesting to wait and see what becomes of all the hubbub. Be sure to share your thoughts on all that has been happening in the comments section down below.