Jake James publishes work-in-progress exploit achieving kernel R/W on A8-A9 running iOS 15.0-15.2 beta 1

If you’ve been following the developments surrounding iOS & iPadOS security research lately, then there’s no way you could have missed Brightiup’s CVE-2021-30955 kernel bug for iOS & iPadOS 15.0-15.1.1. Soon after the write-up, hackers and security researchers alike began making proof-of-concepts (PoCs), and later came the full-blown exploit from @b1n4r1b01.

Among the resulting PoCs was one created by Jake James, a hacker known for tweaking exploits. But despite @b1n4r1b01’s exploit release, James appeared to continue working on his own version of an exploit, which is evidenced by a Tweet shared this Monday afternoon.

From what we can gather, James has successfully achieved kernel memory read & write privileges on an A8X-equipped iPad Air 2 running iPadOS 15.0. What’s more, James says his method works on devices with the A9 chip as well.

As for devices with newer and faster chips, which most jailbreak hopefuls today are using, James says that @b1n4r1b01’s “method of guessing the data buffer address” would enable support of such devices.

James went on to say that more cleanup is required, which highlights the infancy of today’s demonstration. This is typical of software exploitation, as optimizing an exploit can make it cleaner and faster with an improved success rate, or in some cases, add support for additional devices.

The exploit is very much a work in progress, but nevertheless, the current progress has been published on GitHub with theoretical support for all A8-A9 devices running any version of iOS or iPadOS from 15.0-15.2 beta 1. James says it’s fairly reliable, at least in his own limited testing:

For what it’s worth, Odyssey Team lead developer CoolStar is already looking into the exploit provided by @b1n4r1b01 as a possible catalyst for an iOS & iPadOS 15.0-15.1.1 jailbreak, and it’s likely that such a jailbreak will be rootless because of Apple’s secure system volume (SSV) security mitigations. Fortunately, jailbreak tweaks will operate on such a jailbreak, but they may require updates to support it.

It remains to be seen whether other jailbreak developers, such as the unc0ver team, are looking into the possibility of an iOS & iPadOS 15.0-15.1.1 jailbreak using the new exploit at this time; however, it’s also worth noting that Pwn20wnd isn’t one to post regular status updates.

Are you excited to see what becomes of all the exploit excitement? Let us know in the comments section down below.