wraggster
November 14th, 2020, 22:50
When it comes to app-based jailbreaks such as unc0ver (https://unc0ver.dev/) and Odyssey (https://theodyssey.dev/), new kernel exploits are always essential in order to jailbreak newer iOS releases. This is because kernel exploits, unlike hardware exploits such as checkm8 (https://wololo.net/2019/09/27/ios-devices-axi0mx-releases-checkm8-an-unpatchable-bootrom-exploit-allowing-for-jailbreaks-on-every-fw-downgrades-dualbooting-and-more-exploit-works-on-a5-a11-devices-including-the-iphone-x/) (supports A11 & older), can be patched through an iOS update, thus eliminating previously used methods of obtaining arbitrary code execution with kernel privileges, which are key to jailbreak development.
Now, simo (@_simo36 (https://twitter.com/_simo36/status/1324491290478858242?s=20) on Twitter) has released a PoC (https://twitter.com/_simo36/status/1324491290478858242?s=20) for CVE-2020-27905 (fixed in iOS 14.2 (https://support.apple.com/en-us/HT211929), released 2 days ago), which is a vulnerability in the IOAcceleratorFamily component found within iOS that, according to Apple, allows for arbitrary code execution with system privileges. It is important to mention that simo has released a PoC, not a fully-fledged exploit, meaning that the code in its current form does not grant tfp0 and/or kernel R/W. However, simo also mentioned that he might release an exploit later on, although someone else in the community might decide to write an exploit themselves from the PoC to expedite the creation of an app-based jailbreak for iOS 14.1 supporting all devices!
https://wololo.net/2020/11/07/ios-jailbreaking-_simo36-releases-poc-of-vulnerability-allowing-for-arbitrary-code-execution-on-ios-14-1-coolstar-advises-users-to-stay-on-this-version-save-blobs/