iPhone

One of Kunlun Lab’s kernel exploits was patched in iOS 15.2, and a write-up could be coming soon

When Apple released iOS & iPadOS 15.2 on Monday, it closed a large number of security holes that could have been used for jailbreaking, including a handful that were used by the Pangu Team to remotely pwn an iPhone 13 Pro on the first day of TianfuCup 2021.

Another item present on Apple’s security analysis webpage for iOS & iPadOS 15.2 that might have garnered some attention was CVE-2021-30955, which was reported by Zweig of the security research firm Kunlun Lab.

After Apple released iOS & iPadOS 15.2 on Monday, Kunlun Lab security researcher @realBrightiup shared a teaser via Twitter of what appears to be a working kernel-level exploit for iOS & iPadOS 15.1.1 and below:

A closer look at the teaser is shown below for your viewing pleasure:

Although the teaser was impressive in and of itself, @realBrightiup went on to say that Kunlun Lab’s policy would grant the publication of a detailed writeup on CVE-2021-30955 around two months from now — that’s somewhere around mid-February.

Given that there hasn’t been any sort of iOS or iPadOS 15-centric jailbreak release to date, @realBrightiup’s upcoming write-up could be instrumental in moving progress forward.

Apple’s own ‘About the Security Content of iOS 15.2’ page notes that CVE-2021-30955 could have enabled a malicious app to execute arbitrary code with kernel privileges, and @realBrightiup’s teaser demonstrates successful writes to the kernel memory after using it. Having said that, CVE-2021-30955 should be accessible from the sandbox without special entitlements, and therefore it could be viable for jailbreaking.

Good news aside, it’s worth noting that iOS & iPadOS 15 change how jailbreaks operate in their current form because the system volumes are now more challenging to access. This increases the likelihood that jailbreaks for iOS & iPadOS 15 would need to be rootless, but this shouldn’t impinge upon the functionality of jailbreak tweaks.

We should add that going rootless isn’t the only option for jailbreak developers who are interested in creating jailbreaks for iOS & iPadOS 15. For example, it seems that checkra1n could pick up iOS & iPadOS 15 support by utilizing blind remounts instead of going rootless. The tool would then create a new volume to write jailbreak data to.

Whether CVE-2021-30955 turns out helpful in jailbreak development or not remains to be seen. But with a two month wait before the official write-up, and the fact that it takes a long time to develop jailbreaks fresh in mind, common sense indicates that could be a while before we see learn about any sort of new iOS & iPadOS 15-based jailbreak release.

In any case, it’s still uplifting to witness talented members of the security research community actively publishing their work, as this is an important aspect of both jailbreaking and improving handset security for those who don’t jailbreak alike.

Are you excited to see what becomes of @realBrightiup’s upcoming write-up? Be sure to let us know in the comments section down below.

Related Articles

0 Comments
Inline Feedbacks
View all comments
Back to top button