New ‘kfd’ project grants read & write to iPhone kernel memory, renews hope for iOS 16 jailbreak if PPL bypass gets released

The latest development in iPhone and iPad security research this week saw @_p0up0u_ tweeting a link to a GitHub project called kernel file descriptor (or kfd for short), which achieves read and write access to kernel memory on Apple devices.

Citing the description on GitHub, kfd “leverages various vulnerabilities that can be exploited to obtain dangling PTEs.” It’s a means of achieving a kernel read/write primitive, which is something that can be useful for jailbreaking.


The announcement kicked up quite a bit of attention from the jailbreak community this week, including from Dopamine lead developer Lars Fröder, who said that it might be possible to use kfd for a jailbreak on iOS 16.5 and older, assuming we get a PPL bypass.

PAC bypass not necessary

PPL stands for Page Protection Layer, a security mechanism that prevents code from being modified once the system has verified it. PPL bypasses aren’t particularly common, and none is currently available to the public for the referenced firmware range.

Typically, jailbreak developers like to see both a PPL bypass and a PAC bypass alongside a kernel read/write primitive like kfd, but if Fröder is right, it might be possible to skip the PAC bypass for jailbreaks on firmware including iOS 15.2 and newer and use other tricks to build a jailbreak instead — again, contingent on a PPL bypass being released, which hasn’t happened yet.

Notably, Fröder put out a PSA on Saturday confirming that he does not plan to work on an iOS 16 jailbreak, though those plans could change. Should that ever happen, Fröder said he wouldn’t announce his efforts publicly, nor would he open source it, as the Dopamine jailbreak he worked on was leaked early against his wishes.


In any case, the emergence of a working kernel read and write capability for iPhones and iPads running newer firmware, including on newer devices, is good news for the jailbreak community because it means there could be light at the end of the tunnel.

Despite Fröder’s PSA that he won’t be working on a jailbreak, the fact that at least some of the necessary pieces exist means there’s a modicum of hope for those waiting. Now we wait to see whether someone will step up to the plate for this challenge.