Project Zero security researcher Ned Williamson teases kernel vulnerability in iOS & iPadOS 15.4.1 and older

Google Project Zero security researcher Ned Williamson took to Twitter Wednesday afternoon to share details on what appears to be a new kernel-level vulnerability proof-of-concept (PoC) for a recent version of iOS & iPadOS.

In the full Tweet, shown above, Williamson says that the proof-of-concept for the vulnerability (CVE-2022-26757) uses a new technique to find race conditions deterministically.

We can also gather from the accompanying blog post that the vulnerability affects iOS & iPadOS 15.4.1 and older. The bug appears to be fixed in iOS & iPadOS 15.5 — currently the latest publicly available non-beta firmware for iPhones and iPads alike.

Williamson plans to discuss and open source his findings at the Black Hat 2022 cybersecurity event, which is scheduled for August of this year.

Important to note here is that this is only a vulnerability PoC and not a full-blown kernel exploit. It could be used to create a kernel exploit, but that would require additional work by a talented hacker based on the PoC.

Another note, especially for jailbreakers who might be looking at this PoC with a glimmer of hope, is that an exploit alone isn’t enough to make a jailbreak tool these days. New security mitigations in the latest versions of iOS & iPadOS 15 will necessitate additional workarounds on top of any exploit, assuming one gets released based on the PoC.

At this time, only the checkra1n Team and Odyssey Team are known to be working on iOS & iPadOS 15.x jailbreaks. Checkra1n will utilize the checkm8 bootrom exploit for A7-A11 devices, while the Odyssey Team’s upcoming rootless jailbreak will support all devices running iOS & iPadOS 15.0-15.1.1.

According to Odyssey Team lead developer CoolStar, Apple has made it intentionally difficult to jailbreak iOS & iPadOS 15.2 and later, requiring additional techniques to be burned for each and every new release thereafter.

In any case, it will be interesting to see what becomes of Williamson’s latest PoC when released, whether it is or isn’t used in jailbreak production.