If you’ve been following the developments surrounding iOS & iPadOS security research lately, then there’s no way you could have missed Brightiup’s CVE-2021-30955 kernel bug for iOS & iPadOS 15.0-15.1.1. Soon after the write-up, hackers and security researchers alike began making proof-of-concepts (PoCs), and later came the full-blown exploit from @b1n4r1b01.
Brightiup’s CVE-2021-30955 kernel bug for iOS & iPadOS 15.0-15.1.1 has received tons of publicity lately after two prestigious security researchers including Jake James and @Peterpan980927 each went hands-on to develop proof-of-concepts (PoCs) based on the original write-up, which didn’t come with a PoC of its own.
Those closely following the iOS & iPadOS software security sector might remember an iOS & iPadOS 15.0-15.1.1 kernel bug write-up published by Kunlun Lab security researcher @realBrightiup just last week. A day later, Alibaba Security Pandora Lab security researcher @Peterpan980927 showed off a proof-of-concept (PoC) using that write-up as a template.
It was only a few days ago that a kernel-level jailbreak detection bypass had been released to the general public. Dubbed FlyJB by @XsF1re, the project was quickly taken down after the developer lost confidence in his work. But much of his efforts remained open source, permitting future projects to draw inspiration from it.
Now, a second kernel-level jailbreak detection bypass called KernBypass has been released, this time by Twitter user @akusio_RR. The project credits @XsF1re for vnodebypass, hacker Jake James for jelbrekLib, and @0x7ff for maphys. But what does all this mean?
It was only yesterday that talented hacker and iOS exploit tinkerer Jake James released time_waste, a reworked version of Brandon Azad’s oob_timestamp tfp0 exploit. Time_waste solves many of the memory leak issues that were present in the oob_timestamp exploit, and given the apparent enhancements, it’s not difficult to see why Pwn20wnd switched to using James’ exploit for the unc0ver jailbreak instead.
But while the aforementioned advantages are obvious, that didn’t stop James from taking things a step further. Just this afternoon, James announced via Twitter that he had managed to get the time_waste tfp0 exploit working on iOS 12; moreover, it even seems to play nicely with A8X-equipped devices:
Those who’ve been keeping close tabs on the jailbreak community as of late should be keenly aware of Brandon Azad’s oob_timestamp exploit, which made iOS 13.0-13.3 support for A12(X)-A13 devices via the unc0ver jailbreak possible. As wonderful as it is, the oob_timestamp exploit isn’t without its shortcomings, such as memory leaks.
Given the aforementioned circumstances, a series of Tweets shared early this morning by renowned hacker Jake James may be considered great news for the jailbreak community:
Jailbreakers haven’t even been able to blink their eyes lately without some sort of news regarding exploit or jailbreak tool updates, and as it would seem, there’s no sign that this will be slowing down anytime soon.
While the bulk of this news has dealt with adding support for newer firmware versions by way of updated and more efficient exploits, hacker and rootlessJB 3.0 developer Jake James shook things up a bit this morning when he released updated versions of his Sock Port and Sock Port 2 tfp0 exploits with support for 64-bit devices running iOS 10.0-10.3.3:
If you’ve been paying attention to the slew of jailbreak tool updates in the last couple of weeks, then Jake James’ Sock Port exploit has undoubtedly caught your attention. Pwn20wnd’s unc0ver jailbreak tool for iOS 11.0-12.2 was the first to implement it, but it could only jailbreak A9-A11 devices running iOS 11.0-12.1.4 at the time.
Just this morning, James shared an exciting announcement on Twitter regarding the Sock Port exploit, and as it would appear, oodles of modifications and refinements throughout the past week have made it compatible with all devices running iOS 11.0-12.2, including the A12(X) variety:
Saurik delivered a Twitter-based Tropicana speech on Friday regarding the state of Cydia Substrate for A12(X) devices, and from what we can tell, its release is anything but imminent; in fact, there’s no telling if it’ll ever be released. Not only is Saurik getting tired of updating Cydia Substrate, but Apple made things more difficult in A12(X) by adding new logic and challenges.
Prominent members of the modern jailbreak community are now responding to Saurik’s words of wisdom, beginning with unc0ver lead developer Pwn20wnd:
Hacker and unc0ver lead developer Pwn20wnd is continuing the hype for his upcoming iOS 12 jailbreak on Friday as he inches closer to dropping the first public beta.
Subtle hints made their way to Twitter this afternoon as Pwn20wnd changed his name once again from “Pwn20wnd is preparing unc0ver for iOS 12…” to “Pwn20wnd is preparing to drop unc0ver for iOS 12:”
Renowned hacker and unc0ver lead developer Pwn20wnd has issued a new revision to the unc0ver v3.0.0 pre-release Friday morning; beta 28 is now the latest version available for public testing purposes.
In a Tweet shared just minutes ago by Pwn20wnd, we learn that unc0ver v3.0.0 beta 28 adds provisions for timstar’s iOS 12-centric v3ntex exploit; on the other hand, the tool only supports the iPad Air 2 and iPad mini 4 with the v3ntex exploit at the time of this writing. Support for more devices will come later:
Avid jailbreakers who are on iOS 12.0-12.1.2 currently have one of two options: 1) use rootlessJB 3.0, a developer-centric, SSH-based rootless jailbreak without Cydia; or 2) wait for a full-featured jailbreak solution with Cydia (like Electra or unc0ver) to surface. Fortunately, those who are stuck in the latter boat could be one step closer to jailbreaking as of this weekend.
Hackers @MiscMisty and @Lakr223 took to Twitter early Saturday morning to display a proof of concept of a working iOS 12.x-oriented rootfs remount. But perhaps more importantly, they noted how they would be releasing it very shortly.