Proof of concept for iOS 18.0.x bug CVE-2024-44285 released, but seems unlikely to aid jailbreaking

In an interesting bit of news this long holiday weekend, hobbyist hacker @tomitokics took to social media platform X (formerly Twitter) on Friday to share what appears to be a proof of concept (PoC) for a use-after-free bug known as CVE-2024-44285 that Apple first introduced in iOS & iPadOS 18.0 and later patched in iOS & iPadOS 18.1.

PoC for CVE-2024-44285.

In their post, @tomitokics said the PoC, which is available on GitHub, includes a description of the use-after-free bug, which means that someone bent on taking advantage of this bug to write an exploit could find help by reading the notes provided there.

But is this any reason for jailbreakers to get excited? Eh… let’s get into that, because it seems a bit nuanced.

As pointed out by frequent commentator @MasterMike88 in their own post shared to X, it’s expected that an exploit built on CVE-2024-44285 would exhibit a particularly poor success rate due to the nature of use-after-free bugs. In fact, they estimate that it would have around an 8% success rate even if the bug were reliable to begin with.

If the bug were to be made into a full-blown exploit, the only device that could take immediate advantage of it for jailbreaking purposes would be the iPad (7th generation) running either iPadOS 18.0 or 18.0.1. That’s because the iPad (7th generation) is the only device that can run iPadOS 18 out of the box while lacking arm64e security mitigations; it’s still using the arm64 architecture.

For what it’s worth, the iPad (7th generation) is already vulnerable to the checkm8 exploit because of the A10 Fusion chip inside of it, so owners of this device can already jailbreak iPadOS 18 with palera1n.

Apple stopped firmware updates beyond iOS & iPadOS 16 on all other arm64 devices, including the venerable iPhone X, some time ago. This means that all that’s left to run iOS & iPadOS 18 besides the iPad (7th generation) are arm64e devices, and these require additional security mitigations to be bypassed before a jailbreak can be completed.

For example, we would need a bypass for the Secure Page Table Monitor (SPTM), the kernel memory protection method that replaces the Page Protection Layer (PPL) used in older versions of iOS & iPadOS. Without such a bypass, the bug won’t be usable on arm64e devices, and as of now, no one has come forward with one.

These kernel memory protection methods are designed to detect abnormalities in kernel memory, which arise when a hack writes to kernel memory. Unless these security mitigations are bypassed, any exploitation of kernel memory on arm64e devices would be futile, as the security mitigation would detect it and respond accordingly to protect the device from the hack.

See why Apple has made it so difficult to achieve a jailbreak these days?

Newer devices no longer require a mere exploit to jailbreak, but rather an exploit plus a complex patchwork of other hacks to keep the security system from detecting the hack and protecting itself from it. This means that even if the CVE-2024-44285 PoC were used to make an exploit, we’d still be waiting for a bypass to make use of it.

Still, there’s always a chance that could happen, however small the odds may be, and that’s the reason why we’re bringing this to your attention. Although the affected firmware versions are no longer being signed (which means you can’t downgrade to them), it is possible to upgrade to iOS or iPadOS 18.0.1 from an older firmware using the DelayOTA method until just before January 26th, per Dhinakg’s DelayOTA website.

Also see: How to use the DelayOTA method to update non-jailbroken devices to unsigned firmware

Staying on the lowest possible firmware and avoiding software updates is the correct path for prospective jailbreakers who aren’t already jailbroken, and they should continue to do so. With that being said, even if you’re hoping for something good to come out of this, you should avoid updating unless something tangible materializes before the DelayOTA update window closes, and that seems particularly unlikely at this time.

In any case, it’s good to see something happening on the latest iOS & iPadOS 18 firmware. We can only hope that if nothing comes of it, something bigger and better comes in the future. Keep those fingers crossed, and don’t proceed with any unnecessary firmware updates if you can help it.