When Apple released iOS & iPadOS 15.0.2 on Monday, one of the major changes was a security patch for a vulnerability reported in IOMobileFrameBuffer in which memory corruption could have resulted in an app executing arbitrary code with kernel-level privileges.
Apple also warned in today’s iOS & iPadOS 15.0.2 security content bulletin that the vulnerability mentioned above may have been actively exploited in the wild and that it affected devices including the iPhone 6s and later, all models of iPad Pro, the iPad Air 2 and later, the iPad 5th generation and later, the iPad mini 4 and later, and the iPod touch 7th generation.
Seeing the words “arbitrary code” and “kernel-level privileges” in the same sentence can easily get your heart racing if you’re a jailbreaker hungering for a jailbreak for firmware later than iOS or iPadOS 14.3. That said, it might be worth mentioning that a writeup, including a proof of concept (PoC) of the vulnerability patched by iOS & iPadOS 15.0.2, is now available in a blog post published by security researcher Saar Amar.
Amar notes in the blog post that the attack surface being accessible from the app sandbox makes it ideal for jailbreaking.
In an /r/jailbreak post pertaining to the writeup’s release, moderator aaronp613 explains that it could be potentially useful for semi-untethered jailbreaks for up to and including iOS & iPadOS 15.0.1. This includes the latest versions of iOS & iPadOS 14, but a lot more work would be required to make an iOS & iPadOS 15 jailbreak because of all the security changes Apple employed under the hood in the latest mobile operating systems.
We would like to reiterate for clarity – while this work could very likely extend an olive branch for jailbreaking more versions of iOS & iPadOS 14 than before, we shouldn’t expect an iOS or iPadOS 15 jailbreak anytime soon.
It’s not inconceivable for existing jailbreaks such as Taurine and unc0ver to use this kernel vulnerability in an attempt to support for iOS & iPadOS 14.4-14.8, however it remains unconfirmed at the time of this writing whether that would happen or not. Consequently, there’s no ETA associated with it either.
On a slightly unrelated note, security researcher Linus Henze plans to release an untether on October 21st that is expected to result in an untethered jailbreak for up to iOS & iPadOS 14.5.1 and may even help in the development of a semi-untethered jailbreak for iOS & iPadOS 14.6. Today’s PoC goes a step further and includes iOS & iPadOS 14.7-14.8, however it certainly wouldn’t be untethered.
As always, the best advice we can offer to anyone that isn’t jailbroken with the hope of one day becoming jailbroken is to stay on the lowest possible firmware and wait for new developments. This is because updating your iPhone or iPad’s firmware often closes vital security holes that jailbreak developers can exploit to make jailbreaks work.
Also, remember to save your devices’ .shsh2 blobs when vulnerable firmware version(s) are signed in order to help ensure downgrade eligibility!
Are you as excited as we are to witness what becomes of today’s revelation? Be sure to let us know in the comments section down below.