Exploit

Pangu Team purportedly jailbreaks iPhone 13 Pro remotely at TianfuCup 2021

The Pangu Team is a name you might remember if you’ve been jailbreaking iPhones and iPads since ye olde days of iOS 9. Despite not releasing a public jailbreak since then, the Pangu Team continues to be hands-on with respect to iOS-related security research.

A wonderful example of that happened just this weekend in Chengdu, China at the TianfuCup (TFC) 2021, where the Pangu Team appears to be taking home the first-place prize in the contest by successfully pwning Apple’s brand-new iPhone 13 Pro running iOS 15 via a remote jailbreak. The earnings? A juicy $330,000 cash prize.

Hacker pattern_F_ goes hands-on with Saar Amar’s new kernel vulnerability, demos jailbreak on iOS 14.0

Security researcher Saar Amar on Monday published a proof of concept (PoC) for a kernel-level vulnerability tracked as CVE-2021-30883, which Apple patched in the iOS & iPadOS 15.0.2 software updates.

The write-up reignited hope that we’d see a jailbreak for recent iterations of Apple’s mobile operating systems, and perhaps unsurprisingly, some security researchers have already started going hands-on with it.

EntitlementFix: Another jailbreak tweak that patches at least 3 known 0-day exploits

It was only about a week after Apple released iOS & iPadOS 14.8 with patches for the zero-click exploits that were actively weaponized in the wild by the Pegasus spyware that iOS developer Mario Cheung released a jailbreak tweak called FORCEDEXIT to address the issue on pwned handsets still running affected firmware versions.

Today, Cheung seems to be at it again with a new and free jailbreak tweak dubbed EntitlementFix, which reportedly patches three additional publicly known vulnerabilities that affect jailbreakable versions of Apple’s mobile operating systems.

CoolStar teases jailbreak untether after achieving arbitrary code execution post-reboot


Untethered jailbreaks are something of a rarity these days, with most modern jailbreaks being either semi-tethered or semi-untethered variants instead. But a teaser by security researcher Linus Henze just one week ago raised at least some hope that the community could witness one again soon, at least for the likes of iOS & iPadOS 14.5.1 and below.

And speaking of untethered jailbreaks, Odyssey Team lead developer CoolStar announced via the Sileo / Taurine / Odyssey Discord channel Monday evening that they had successfully achieved arbitrary code execution in a native iOS/iPadOS application after conducting a full reboot of the device. This is, of course, the hallmark feature of an untethered jailbreak.

Linus Henze demos untethered jailbreak on iPhone 12 Pro Max with iOS 14.5.1

For the past several years, the overwhelming majority of jailbreaks have been semi-untethered, meaning that a handset liberated by said tools could still be used after a reboot, albeit in a non-jailbroken state until the tool was run again.

The lack of untethered jailbreaks — or those that remain fully jailbroken following a reboot — has been a pain point for jailbreakers for as long as anyone can remember. For that reason, a Tweet shared by @LinusHenze Monday afternoon might be of particular interest…

Newly teased PoC raises hope for pwning certain handsets on iOS 14.4-14.5.1

The most current jailbreak tools available to the public today are Taurine and unc0ver, each of which is capable of jailbreaking devices running up to and including iOS or iPadOS 14.3. Several iPhone and iPad software updates later, we’re currently at iOS & iPadOS 14.7.1, with a public iOS & iPadOS 15 release looming just over the horizon.

Having said that, the elephant in the room would be the blazingly obvious question: where are all the jailbreak-viable exploits for iOS 14.4 and later?

Hacker 08Tc3wBB plans to present and publish a kernel exploit for M1-equipped Macs

Apple hasn’t held back from being vocal about the performance and security of its proprietary M1 chip – the tried-and-true powerhouse found inside of several different Mac computer models and even the highest-end 2021 iPad Pro. But as it would seem, not even the venerable M1 chip is hack proof…

Hacker and ZecOps security researcher @08Tc3wBB, known for contributions to the jailbreak community in the form of exploits that have been used in tools such as unc0ver by Pwn20wnd, appears to have made a momentous breakthrough with respect to the M1 chip.