When Apple released iOS & iPadOS 15.0.2 on Monday, one of the major changes was a security patch for a vulnerability reported in IOMobileFrameBuffer, in which memory corruption could have allowed an app to execute arbitrary code with kernel-level privileges.

Apple also warned in today’s iOS & iPadOS 15.0.2 security content bulletin that the vulnerability mentioned above may have been actively exploited in the wild and that it affects the iPhone 6s and later, all models of iPad Pro, the iPad Air 2 and later, the iPad 5th generation and later, the iPad mini 4 and later, and the iPod touch 7th generation.


Seeing the words “arbitrary code” and “kernel-level privileges” in the same sentence can easily get your heart racing if you’re a jailbreaker hungering for a jailbreak for firmware later than iOS or iPadOS 14.3. That said, it’s worth mentioning that a writeup, including a proof of concept (PoC) for the vulnerability patched in iOS & iPadOS 15.0.2, is now available in a blog post published by security researcher Saar Amar.

Amar notes in the blog post that the attack surface is reachable from within the app sandbox, which makes it ideal for jailbreaking: a bug that can be triggered from a sandboxed app doesn’t need a separate sandbox escape before it can be used against the kernel.

In an /r/jailbreak post pertaining to the writeup’s release, moderator aaronp613 explains that it could potentially be useful for semi-untethered jailbreaks up to and including iOS & iPadOS 15.0.1. This includes the latest versions of iOS & iPadOS 14, but a lot more work would be required to make an iOS & iPadOS 15 jailbreak because of all the security changes Apple employed under the hood in its latest mobile operating systems.

We would like to reiterate for clarity: while this work could well open the door to jailbreaking more versions of iOS & iPadOS 14 than before, we shouldn’t expect an iOS or iPadOS 15 jailbreak anytime soon.

It’s not inconceivable for existing jailbreaks such as Taurine and unc0ver to adopt this kernel vulnerability in an attempt to add support for iOS & iPadOS 14.4-14.8; however, it remains unconfirmed at the time of this writing whether that will happen. Consequently, there’s no ETA associated with it either.

On a slightly unrelated note, security researcher Linus Henze plans to release an untether on October 21st that is expected to result in an untethered jailbreak for up to iOS & iPadOS 14.5.1 and may even help in the development of a semi-untethered jailbreak for iOS & iPadOS 14.6. Today’s PoC goes a step further in version coverage, reaching iOS & iPadOS 14.7-14.8, but anything built on it certainly wouldn’t be untethered.

As always, the best advice we can offer to anyone who isn’t jailbroken but hopes to be one day is to stay on the lowest possible firmware and wait for new developments. Updating your iPhone or iPad’s firmware often closes the very security holes that jailbreak developers rely on to make jailbreaks work.

Also, remember to save your devices’ .shsh2 blobs while the vulnerable firmware version(s) are still being signed, since blobs can only be obtained for firmware Apple is currently signing; having them is what keeps a later downgrade on the table.

Are you as excited as we are to witness what becomes of today’s revelation? Be sure to let us know in the comments section down below.