The latest development in iPhone and iPad security research this week saw @_p0up0u_ tweeting a link (https://twitter.com/_p0up0u_/status/1682375521408098304?s=46&t=qqvuoLV9uFvc9wARCfQjWQ) to a GitHub project for achieving read and write access to kernel memory on Apple devices, called kernel file descriptor (or kfd for short).
Citing the description on GitHub, kfd “leverages various vulnerabilities that can be exploited to obtain dangling PTEs.” It is a way of obtaining a kernel read/write primitive, which is something that can be useful for jailbreaking.
The announcement drew quite a bit of attention from the jailbreak community this week, including from Dopamine lead developer Lars Fröder, who said that it might be possible to use kfd for a jailbreak on iOS 16.5 and older, assuming we get a PPL bypass (https://twitter.com/opa334dev/status/1682402386583617536?s=46&t=qqvuoLV9uFvc9wARCfQjWQ).
PPL stands for Page Protection Layer, and it works as a security measure by preventing code from being modified once it has been verified by the system. PPL bypasses aren't particularly common, and one isn't currently available to the public for the referenced firmware range.
Typically, jailbreak developers like to see both a PPL bypass and a PAC bypass alongside a useful effort like kfd, but if what Fröder said is true, then it might be possible to skip the PAC bypass for jailbreaks on firmware including iOS 15.2 and newer and use other techniques to make a jailbreak instead, again contingent on a PPL bypass being released, which hasn't happened yet.
Notably, Fröder put out a PSA on Saturday confirming that he doesn't plan to work on an iOS 16 jailbreak, but those plans could change. Should that ever happen, Fröder said he wouldn't announce his efforts publicly, nor would he open source it, since the Dopamine jailbreak he worked on was leaked early against his wishes.
In any case, the emergence of working kernel read and write capabilities for iPhones and iPads running newer firmware, especially on newer devices, is good news for the jailbreak community because it means there could be light at the end of the tunnel.
Even despite Fröder's PSA that he wouldn't be working on a jailbreak, the fact that at least some of the resources exist means there's a modicum of hope for those waiting. We now just wait to see if someone will step up to the plate for this challenge.