Right now, there's a lot going on in the jailbreak community. Not only is the checkra1n team actively working on jailbreaking iOS / iPadOS 14 on many more devices, but hacker and security researcher @08Tc3wBB could also soon share details of a possible exploit for jailbreaking iOS / iPadOS 13.7 (the final version of iOS / iPadOS 13).
If you're interested in the second piece of news, you're probably still on iOS / iPadOS 13 even though iOS / iPadOS 14 has been released, and you might be pleased to learn that @08Tc3wBB will present his latest research together with the ZecOps security team at Black Hat Europe 2020.
The presentation is expected to last approximately 40 minutes. Here is the official abstract of the talk:
Jailbreak refers to gaining iOS kernel privileges by exploiting vulnerabilities. Usually, at least one kernel flaw is used. By overwriting sensitive data structures in the kernel, the jailbreak can run unauthorized code on the device without any restrictions. It can then be used to perform code injection and data interception on any process on the device. As a result, sometimes the jailbreaker might not be the owner of the device but an intruder who wants to steal or manipulate information, including spreading false information.
This talk will detail how a series of iOS vulnerabilities are exploited to achieve a jailbreak on iOS 13.7. I will talk about their root causes and the techniques used during exploit development to bypass iOS-specific mitigations, ultimately gaining the privilege of reading and writing kernel memory, and demonstrate the potentially dangerous impact of the attack. The rest of my talk will cover how these vulnerabilities were discovered, along with tips for reverse engineering. As an independent researcher, I hope to bring some inspiration to my audience.
From what we can gather, the talk will reveal basic information about the vulnerabilities used to jailbreak iOS / iPadOS 13.7. It not only covers the use of these vulnerabilities for a jailbreak, but also discusses how they could be used for malicious purposes. @08Tc3wBB will also go into detail on how the vulnerabilities were found, which will hopefully attract more people to security research.
We know from a previous comment by @08Tc3wBB that the exploit he uses will be shared with unc0ver developer Pwn20wnd once it has been patched by Apple. Furthermore, a full write-up of the exploit will be published on the ZecOps website at a later date, which will open the door for other jailbreak developers to get their hands on it (perhaps the Odyssey Team?).
To be completely clear, this is a tfp0 exploit, which Apple can patch with a software update. This is in contrast to the hardware-based checkm8 bootrom exploit, which Apple cannot patch with a software update. A tfp0 exploit essentially yields the kernel task port, which allows writing to kernel memory, and as such it's easy to see why this makes a jailbreak possible.
While Black Hat Europe 2020 is still two months away, it's great to have something to look forward to. This is a talk you probably won't want to miss.
Are you glad that @08Tc3wBB and ZecOps will present their findings soon? Share your opinion in the comments below.
The article "Hacker @08Tc3wBB will announce the exploit that helps jailbreak iOS 13.7 with the ZecOps team" first appeared on ThuThuatJB.