Linus Henze publishes PoC for CVE-2023-28206, a kernel bug patched in iOS 16.4.1

Linus Henze, the talented hacker behind the Fugu15 jailbreak for arm64e devices running iOS & iPadOS 15.0-15.4.1, just this week shared a proof of concept (PoC) for a security vulnerability dubbed CVE-2023-28206 that Apple fixed with the release of iOS & iPadOS 16.4.1.


Henze announced his PoC bright and early Monday morning via Twitter, where he linked to a GitHub page showing off his methodology and the result.

CVE-2023-28206 was reported to Apple by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. As Apple notes on the security content page for iOS & iPadOS 16.4.1, a firmware update Apple released just last week, the vulnerability involves IOSurfaceAccelerator and could have granted kernel-level arbitrary code execution to any installed app.

While the vulnerability exists in iOS & iPadOS 16.4 and older for the iPhone 8 and later, it’s worth mentioning that it’s unlikely to result in a public jailbreak release on its own. That’s because Apple bolstered security in the latest firmware releases, especially on newer devices, with the likes of Pointer Authentication Codes (PAC) and the Page Protection Layer (PPL). These extra layers of security require additional bypasses for a jailbreak to function, which complicates things and adds quite a bit more work for jailbreak developers.

In any case, it’s still awesome to see Henze dropping Easter Eggs from time to time, as they’ve been known to assist the jailbreak community. For example, TrollStore developer opa334 is now leading an effort to make Fugu15 into a public jailbreak. This effort is currently being called Fugu15 Max, but it’s expected to carry a different name by the time it reaches the general public outside of the beta period.

Anyone interested in viewing Linus Henze’s recently released PoC can head over to his GitHub page to see more.
