Apple walks back CVE-2024-27804, claims it’s non-exploitable & offers security researcher paltry $1,000 bounty

If you’ve been following along during the past couple of days, especially following the release of iOS & iPadOS 17.5, then you’ve likely heard about the new PoC for a kernel vulnerability in AppleAVD, tracked as CVE-2024-27804, that impacts iOS & iPadOS 17.4.1 and older. Apple originally cited the bug as potentially allowing an app to execute arbitrary code with kernel privileges.

Apple declines to pay out for CVE-2024-27804.

On the other hand, the hype might’ve gotten the best of most of us – perhaps even Apple. Meysam Firouzi (@R00tkitSMM), the security researcher who discovered this kernel vulnerability, received feedback from Apple this week concluding that the bug report “doesn’t align with the bounty criteria,” and perhaps more disappointing, it’s not exploitable.

The message that Firouzi got from the Cupertino-based company says:

We truly appreciate your effort and enthusiasm for this program. Unfortunately, your report doesn’t align with the bounty criteria as it doesn’t showcase the categories listed on our website. However, we strongly encourage you to continue submitting your work in the future.

We appreciate your assistance in helping to maintain and improve the security of our products and we look forward to receiving your future reports.

According to Firouzi, Apple is planning to update the “About the security content of iOS 17.5 and iPadOS 17.5” web page to reflect this determination. More specifically, they’ll change the bit about being able to execute arbitrary code with kernel privileges into “an unexpected system termination.”

Firouzi published a PoC for CVE-2024-27804 to their GitHub page just yesterday, and prominent hackers have already begun looking it over.

Since CVE-2024-27804 didn’t meet the criteria, Firouzi won’t receive the full bounty reward either, but Apple has apparently offered a $1,000 good-faith reward in the meantime.

What does this mean for all of us? Well, for the most part, Dopamine jailbreak lead developer Lars Fröder (@opa334dev) may have been spot on when he said there was a 90% chance that this PoC leads to absolutely nothing.

With that in mind, it seems unlikely this will become a useful puzzle piece in the development of any future jailbreaks, so the community will simply have to keep waiting for a viable kernel exploit, a Secure Page Table Monitor (SPTM) bypass, and the other techniques required to make the magic work. Sorry folks!

In any case, it’ll be interesting to see what comes down the pipeline next from Firouzi, or perhaps from another avid security researcher. Only time will tell…