Exploit

KernBypass kernel-level jailbreak detection bypass updated to v0.0.5 with iOS 14.2 support & more


Earlier this year, iOS developer XsF1re garnered a substantial amount of attention from the jailbreak community after releasing the FlyJB kernel-level jailbreak detection bypass — a tool that was basically meant to let jailbreakers go undetected by App Store apps that would traditionally bar access to those with pwned handsets.

Soon after, XsF1re pulled the project, citing a loss of confidence, but later reinstated it as FlyJB X upon developing improvements to make the bypass more reliable. Still, it wasn’t without its shortcomings. Over the weekend, however, iOS developer Ichitaso updated his own kernel-level jailbreak detection bypass dubbed KernBypass (unofficial) to version 0.0.5, and from what we can gather, it just might be slightly superior.

Radio proximity security attack targeting up to iOS 13.5 detailed by Ian Beer


Accomplished security researcher Ian Beer, known for releasing a host of iOS exploits used by modern jailbreak tools, dropped a bombshell on Twitter late Wednesday evening after sharing a detailed blog post about a jaw-dropping radio proximity exploit affecting up to and including iOS and iPadOS 13.5.

The blog post summary goes on to explain that the attacker can remotely trigger kernel memory corruption and execute arbitrary code. Furthermore, the exploit can force affected iOS and iPadOS devices in radio proximity to reboot with no user interaction, or put privacy at risk by accessing user data or using the camera and microphone without the user’s knowledge. Scary indeed…

Odyssey Team planning to update jailbreak soon with improvements to new exploit

The Odyssey Team updated its jailbreak tool on Friday to add support for the newly released iOS 13.5.1-13.7 exploit, and while the updated tool attracted a lot of positive response from the community, some avid jailbreakers were left disappointed after learning that handsets equipped with A8 or A9 chips and running the newly supported firmware versions weren’t supported – at least not at the time of this writing.

A Tweet shared by the Odyssey Team this Friday afternoon offered some transparency into the current situation:

Apple’s original HomePod has been jailbroken with checkra1n

A photo showing a finger resting on the HomePod top with the Siri orb animation

When most people think of a jailbreak tool like checkra1n, among the first things that come to mind are iPhones, iPod touches, iPads, and Apple TVs. Interestingly enough, the checkra1n team has shown time and time again that the checkm8 bootrom exploit that powers this particular jailbreak is powerful enough to compromise even some of the most unexpected devices, including Apple’s T2 chip, which resides in a variety of Macs.

On Thursday, we learned that even Apple’s HomePod Smart Speaker devices are susceptible to the checkra1n jailbreak. The news, first shared this afternoon by Twitter user @_L1ngL1ng_, took many avid jailbreakers by surprise:

ZecOps & FreeTheSandbox release tfp0 exploit for iOS 13.5.1-13.7

As promised, following security researcher 08Tc3wBB’s much anticipated presentation at HITB CyberWeek 2020, affiliated software security firm ZecOps has officially released an exploit for iOS & iPadOS 13.5.1-13.7.

The announcement, shared this Thursday afternoon via the ZecOps Twitter account, links to a blog post on the firm’s own website that discusses the exploit, how it works via a proof of concept, and how an attacker could use it:

iOS 13.5.1-13.7 exploit to be discussed by 08Tc3wBB at HITB CyberWeek 2020

Those paying close attention to the jailbreak community as of late would already know that there’ve been a number of recent developments that could eventually lead to a jailbreak for iOS 13.5.1-13.7. If you missed the news, FreeTheSandbox is working on a public jailbreak supporting these firmware versions, while security researcher @08Tc3wBB plans to release a dedicated exploit for use by the jailbreak community.

Neither of the aforementioned things has happened yet, but for those trying to keep tabs on everything as it happens, it might be worth mentioning that @08Tc3wBB plans to discuss his iOS 13.5.1-13.7 exploit on November 19th at HITB CyberWeek in a talk entitled “Jailbreaks Never Die: Exploiting iOS 13.7.”

Security researcher Liang Chen demos jailbreak on iPhone 12 Pro running iOS 14.2

The past few weeks have been crazy for anyone heavily invested in the jailbreak community. Not only was the checkra1n jailbreak updated to add support for A10(X) devices and iOS 14.1-14.2, but a new exploit PoC targeting iOS & iPadOS 13.x was released and FreeTheSandbox once again affirmed that a jailbreak with support for iOS & iPadOS 13.5-13.7 would be released in the near future without a definitive ETA.

But the community was in for yet another teaser this week after talented security researcher Liang Chen (@chenliang0817) of Singular Security Lab (@SingularSecLab) demonstrated a working jailbreak on Apple’s brand-new iPhone 12 Pro handset running iOS 14.2 — the latest publicly available firmware at the time of this writing:

FreeTheSandbox discusses its plan for iOS 13.x jailbreak release, no ETA

Those eagerly waiting for a jailbreak with support for the concluding versions of the iOS & iPadOS 13 family, released before Apple officially shipped iOS & iPadOS 14 this Fall, have two options: wait for FreeTheSandbox to release the jailbreak they’ve been teasing for more than a month, or continue waiting for someone to pick up an exploit like the one just recently released by @_simo36.

If the FreeTheSandbox offering sounds like a better choice to you, then we’ve got some news for you. The official FreeTheSandbox Twitter account shared the following Tweet early Thursday morning to comment on the state of the jailbreak they’ve been working on:

Exploit PoC targeting up to iOS 13.7 released


If you’ve been paying any attention to the iOS & iPadOS security research side of things recently, then you might’ve caught wind of a kernel bug discovered by Mohamed Ghannam (@_simo36) that was said to be capable of pwning iOS & iPadOS 14.1 and below. Unfortunately, Ghannam later revealed that the bug didn’t work on iOS or iPadOS 14, and that it would instead only support versions of iOS & iPadOS 13.

While the aforementioned circumstances were indeed a bummer for those who’d been looking forward to a potential exploit release for iOS & iPadOS 14, the good news is that Ghannam officially released a kernel exploit proof of concept (PoC) dubbed 'OOB Events' on Wednesday with instructions for achieving kernel task port (tfp0) on iOS & iPadOS 13.7:

Kernel bug for iOS 14.1 and below raises hopes for exploit, and perhaps jailbreak


Apple unleashed iOS & iPadOS 14.2 to the masses yesterday afternoon, and while most iPhone and iPad owners gleefully updated to take advantage of more than 100 new Emojis and six new wallpapers, the updates also appeared to beef up their respective platforms’ security.

Security improvements are generally a good thing for users; however, they can be red flags for proponents of the jailbreak community, since software exploits are the very things that make jailbreak tools possible. With that in mind, it may come as no surprise that jailbreak developers repeatedly remind the community to stay on the lowest possible firmware, as this can increase one’s chances of jailbreak eligibility.