PoC for CVE-2024-27804 published, jailbreak developers uncertain of viability

Just yesterday, following Apple’s release of iOS & iPadOS 17.5, security researcher Meysam Firouzi (@RootkitSMM) took to X (formerly Twitter) and said that they planned to publish a proof of concept (PoC) for a kernel vulnerability impacting iOS & iPadOS 17.4.1 and older dubbed CVE-2024-27804.

Firouzi publishes proof of concept for CVE-2024-27804 kernel vulnerability.

Firouzi made good on that promise Tuesday afternoon, including a link to the PoC in yet another post shared to X, but Lars Fröder (@opa334dev), author of the Dopamine jailbreak, isn’t totally convinced that it will make any difference for the jailbreak community.

In a thread on X discussing the viability of the PoC for a kernel exploit in jailbreaking, Fröder said “there is a 90% chance this will lead to absolutely nothing and a 10% chance that it will lead to a 17.0 TrollStore installer.”

Lars Fröder comments on new iOS 17.4.1 and older PoC.

This comment came only shortly after Fröder said “kernel exploitation got so hard in iOS 16.0+ that I would not assume any researcher would publish the necessary techniques to exploit a bug. We’ve had too many PoCs in the past year or so, but zero exploits.”

So what can we gather from all of this? The short version is that it seems unlikely this kernel vulnerability will result in a working kernel exploit, much less a jailbreak. That’s because building a jailbreak requires a lot more than a kernel exploit alone; several additional techniques are needed to satisfy everything a jailbreak has to do in order to operate.

A Secure Page Table Monitor (SPTM) bypass, for example, has yet to be released. SPTM, in plain English, is essentially the successor to the Page Protection Layer (PPL) that Apple uses to verify that kernel memory isn’t being tampered with. So SPTM needs to be bypassed before a kernel exploit can actually write to protected kernel memory without tripping it.

Interestingly, Fröder did say there’s a chance the PoC could result in a TrollStore installation method for iOS & iPadOS 17.0, if an exploit is made. However, the chances seem slim and depend entirely on the viability of such an exploit, which has yet to be created and properly tested.

What about semi-jailbreaks like Serotonin, you might ask? Well, Fröder commented on that too, noting that “Serotonin will not work on 17.0 SPTM devices without new / unique techniques.” So that seems like a no-go too, unless someone is able to come up with new ways to actually use an exploit, should one arise.

All in all, it seems like we haven’t yet moved from square one, but it will be interesting to see if a kernel exploit comes from the PoC, which Firouzi published on their personal GitHub page. If one does, that’s where the interest will really kick up. For now, don’t get too excited, and remain on the lowest possible firmware and avoid software updates.