Exploit

CoolStar teases jailbreak untether after achieving arbitrary code execution post-reboot

Untethered jailbreaks are something of a rarity these days, with most modern jailbreaks being either semi-tethered or semi-untethered variants instead. But a teaser by security researcher Linus Henze just one week ago manifested at least some hope that the community could witness one again soon, at least for the likes of iOS & iPadOS 14.5.1 and below.

And speaking of untethered jailbreaks, Odyssey Team lead developer CoolStar announced via the Sileo / Taurine / Odyssey Discord channel Monday evening that they had successfully achieved arbitrary code execution in a native iOS/iPadOS application after conducting a full reboot of the device. This is, of course, the hallmark feature of an untethered jailbreak.

Linus Henze demos untethered jailbreak on iPhone 12 Pro Max with iOS 14.5.1

For the past several years, the overwhelming majority of jailbreaks have been semi-untethered, meaning that you could still use a handset liberated by said tools after a reboot, albeit in a non-jailbroken state.

The lack of untethered jailbreaks — or those that remain fully jailbroken following a reboot — has been a pain point for jailbreakers for as long as anyone can remember. For that reason, a Tweet shared by @LinusHenze Monday afternoon might be of particular interest…

Newly teased PoC raises hope for pwning certain handsets on iOS 14.4-14.5.1

The most current jailbreak tools available to the public today are Taurine and unc0ver, each of which is capable of jailbreaking devices running up to and including iOS or iPadOS 14.3. Several iPhone and iPad software updates later, and we’re currently residing at iOS & iPadOS 14.7.1 with a public iOS & iPadOS 15 release looming just over the horizon.

Having said that, the elephant in the room would be the blazingly-obvious question: where are all the jailbreak-viable exploits for iOS 14.4 and later?

Hacker 08Tc3wBB plans to present and publish a kernel exploit for M1-equipped Macs

Apple hasn’t held back from being vocal about the performance and security of its proprietary M1 chip – the tried-and-true powerhouse found inside of several different Mac computer models and even the highest-end 2021 iPad Pro. But as it would seem, not even the venerable M1 chip is hack-proof…

Hacker and ZecOps security researcher @08Tc3wBB, known for contributions to the jailbreak community in the form of exploits that have been used in tools such as unc0ver by Pwn20wnd, appears to have made a momentous breakthrough with respect to the M1 chip.

Ian Beer publishes PoC that could allow arbitrary code execution on iOS 14.4-14.5.1

Modern jailbreak tools like Taurine and unc0ver can currently jailbreak all iOS & iPadOS 14 devices running up to and including iOS & iPadOS 14.3. It’s been quite a while since any of these tools have picked up support for new firmware, but there’s always the very real possibility that these tools could add support for new firmware in the future.

Fortunately for those whose devices are operating on iOS or iPadOS 14.4 through 14.5.1, there just might be some hope. Renowned security researcher Ian Beer of Google Project Zero has just released documentation of what appears to be a kernel-level proof of concept (PoC) impacting up to and including iOS & iPadOS 14.5.1.

Arbitrary code execution achieved on iOS 14.5.1 and below, write-up purportedly coming at a later date

Apple just yesterday released iOS & iPadOS 14.6 to the general public to lay the groundwork for Apple Music’s upcoming lossless playback option, support Apple Card Family, and more. But that's not all...

Also worth noting is that iOS & iPadOS 14.6 patched a number of security vulnerabilities, including one that purportedly allowed security researcher @xerub to gain arbitrary code execution by simply parsing a carefully crafted certificate.