A lot is happening in the jailbreak community right now. Not only is the checkra1n team actively working to jailbreak iOS and iPadOS 14 on many more devices, but hacker and security researcher @08Tc3wBB may also soon share details of an exploit that is viable for jailbreaking iOS and iPadOS 13.7 (the latest versions of Apple’s previous-generation mobile operating systems).
If you’re more interested in the latter, which is probably the case if you stayed on the lowest possible firmware after iOS and iPadOS 14 were released, you may be ecstatic to learn that @08Tc3wBB will present their latest research together with the security group ZecOps at the Black Hat Europe 2020 event.
Vague details about the planned presentation are available on the Black Hat Europe 2020 website. There we learn that the event will be completely virtual and take place from Monday, December 7th to Thursday, December 10th. Furthermore, the presentation is expected to last about 40 minutes. Here are the official comments regarding the presentation:
Jailbreaking refers to the acquisition of the core privilege of iOS through the development of vulnerabilities. Usually at least one core vulnerability is used. By overwriting the sensitive data structure in the kernel, jailbreakers can run unauthorized code on the device without any restrictions. It can then be used to perform code injection and data interception in any process on the device. Sometimes a jailbreaker may not be the owner of the device, but an intruder who wants to steal or manipulate information, and that includes spreading misinformation.
This talk will cover in detail how a number of iOS vulnerabilities are exploited to achieve Jailbreak on iOS 13.7. I will talk about their cause, techniques used during exploitation development to circumvent the limitations unique to iOS, and finally have the privilege of reading and writing kernel memory and demonstrating the potential harmful effects of the attack. The rest of my talk will be related to how these vulnerabilities were discovered, tips for reverse engineering. As an independent researcher, I hope to give some inspiration to the public.
From what we can gather, the talk should reveal basic information about the vulnerabilities that were used to jailbreak iOS 13.7. Not only will it cover using these vulnerabilities for jailbreaking, but it will also discuss how they can be used for malicious purposes. @08Tc3wBB will also go into detail about how the vulnerabilities were found, and hopes to arouse interest in getting more people involved in security research.
We know from previous comments by @08Tc3wBB that the exploit will be shared with unc0ver lead developer Pwn20wnd after it has been patched by Apple. Furthermore, a full write-up of the exploit will be published on the ZecOps website later, which will open the door for other jailbreak developers to get their hands dirty with it (maybe the Odyssey team?).
To be completely clear, this is a tfp0 exploit, which Apple can patch with a software update. This is in contrast to the hardware-based checkm8 bootrom exploit, which Apple cannot patch with a software update. A tfp0 exploit essentially amounts to obtaining the kernel task port, which allows reading from and writing to kernel memory, and as such it is easy to see why this makes jailbreaking possible.
Although Black Hat Europe 2020 is still two months away, it’s nice to have something to look forward to. Not only is it exciting to think that another exploit could benefit the jailbreak community at some point in the near future, but it’s also amazing to see and learn from security researchers who manage to pull this kind of thing off year after year. For that reason, this is something you do not want to miss.
Are you excited that @08Tc3wBB and ZecOps will soon present their findings? Share your thoughts in the comments section below.