As promised, following security researcher 08Tcw3BB’s much anticipated presentation at HITB CyberWeek 2020, affiliated software security firm ZecOps has officially released an exploit for iOS & iPadOS 13.5.1-13.7.
The announcement, shared this Thursday afternoon via the ZecOps Twitter account, links to a blog post on the firm’s own website that discusses the exploit, how it works via a proof of concept, and how an attacker could use it:
In the blog post, we find a Local Privilege Escalation (LPE) proof of concept that can be compiled with Xcode and side-loaded onto your iPhone or iPad. This, of course, requires a Mac.
This is particularly good news for the jailbreak community, as the exploit is capable of achieving tfp0 – otherwise known as a kernel task port – which enables arbitrary reads and writes to the handset’s kernel memory. As you might come to expect, this is just the sort of thing that a jailbreak developer would need to make a jailbreak function on a specific version of iOS or iPadOS.
As we know from previous comments made by 08Tc3wBB, the exploit will be shared with unc0ver lead developer Pwn20wnd such that the jailbreak tool can be updated to support the targeted versions of iOS and iPadOS. But now that the exploit has been released to the general public, it’s worth noting that other jailbreak teams have also taken note.
One such team is the Odyssey Team, with Odyssey jailbreak lead developer CoolStar announcing via the official Discord channel this afternoon that the jailbreak would be updated to support up to iOS & iPadOS “shortly:”
As it would seem, both the major public jailbreak tools may soon add official support for iOS & iPadOS 13.5.1-13.7, which means it doesn’t really matter which tool you prefer. As an additional option, FreeTheSandbox is currently working to release its own jailbreak tool with support for iOS & iPadOS 13.5.1-13.7, and hopes to maintain it as exploits for later versions of iOS and iPadOS materialize going forward.
Are you excited that iOS &iPadOS 13.5.1-13.7 will soon be publicly jailbreakable on all available devices outside of the scope of checkra1n, or have you already updated to iOS or iPadOS 14? Let us know by dropping a comment down below.
