As many will recall from a post we ran in mid-December, Kunlun Lab security researcher Zweig (@realBrightiup) had planned to share details about a bug that could have been used to exploit the kernel on iOS & iPadOS versions 15.0-15.1.1.
In the original Tweet thread, @realBrightiup explained how Kunlun Lab regulations prevented detail disclosure for another two months. With February nearing its end, the first tidbit of information pertaining to the aforementioned bug has now been published.
The write-up is rather short compared to some others we’ve discussed previously on Lazyroar, and that’s partly due to the lack of a proof of concept (PoC). Still, the write-up delves into the methodology of harnessing CVE-2021-30955, and so some may find it particularly interesting.
According to Apple’s security content page for iOS & iPadOS 15.2, CVE-2021-30955 could have allowed an app to execute arbitrary code with kernel privileges. The bug is purportedly accessible from the sandbox without special entitlements, so it could be possible to make an exploit out of it for jailbreaking purposes, but will that happen? It’s frankly too soon to tell.
The original Tweet thread had @realBrightiup showcasing CVE-2021-30955 being used to achieve read/write privileges to the kernel memory, so it certainly has that going for it.
An interesting note from the write-up is that CVE-2021-30955 was introduced in iOS & iPadOS 15.0, so this means that it wouldn’t work on versions of iOS or iPadOS 14. Having said that, only versions 15.0-15.1.1 would be supported.
What are your thoughts about @realBrightiup’s new write-up, and are you excited to see if it materializes into anything for the purposes of jailbreaking? Be sure to let us know in the comments section down below.
