iOS 17.5 is now finally out. Apple released the new update which is now available for everybody via OTA (Over The Air) in Settings, Software Update, or as an IPSW file.
With iOS 17.5 came the security content published by Apple which shows several important vulnerabilities have been patched, including CVE-2024-27804, a kernel vulnerability that leads to execution of arbitrary code with kernel privileges.
UPDATE: The PoC was released. While it would take quite some effort to turn this into a proper kernel exploit, it’s not impossible. Developer @opa334 does make it clear that it won’t be easy and it’s not all that is needed for a jailbreak, but it could potentially lead to TrollStore on iOS 17.0 and other apps being updated once an exploit is released. Do keep in mind more stuff would be needed for Dopamine. A lot more stuff.
If you are waiting for a jailbreak this vulnerability is very good news. The developer who reported the vulnerability to Apple, Meysam Firouzi (@R00tkitSMM), said on Twitter that they are going to provide a PoC (Proof of concept) for this vulnerability soon.
This vulnerability also affects arm64e devices, so A12+ devices are covered as well, which makes it very valuable.
While a PoC is not necessarily an exploit, it does provide the code necessary to trigger the vulnerability, so a skilled security researcher can turn it into a proper kernel exploit usable for jailbreak purposes.
Does this mean an iOS 17.5 Jailbreak?
Not quite. See, iOS 17.5 patches this vulnerability, so this means that the newest iOS version to still be vulnerable is iOS 17.4.1.
However, iOS 17.4.1 is, at the time of writing this, still signed. This means you can easily downgrade from iOS 17.5 back to iOS 17.4.1 and be on a vulnerable version that is certain to get a kernel vulnerability PoC soon.
Speaking of jailbreaking, while a proper jailbreak would also require a PPL / SPTM bypass, developers in the community are already thinking about porting Misaka, Cowabunga Lite, and other such tools to iOS 17.4.1 and lower.
UPDATE: After the PoC was released a few hours ago, developer Huy Nguyen backtracked their previous statement saying they are sorry for getting overhyped. They also seemed to have issues porting the PoC to iOS despite being able to run it on macOS, so take these initial discussions with a grain of salt.
It’s important to note that iOS 17.4.1 won’t stay signed for long, so it’s best if you downgrade from iOS 17.5 as soon as you can. If you are running anything lower, do not update!
Does iOS 17.5 patch any other good vulnerabilities?
Yes. In fact, the security changelog posted by Apple is pretty big and includes a few gems such as another kernel vulnerability (CVE-2024-27818) reported by pattern-f, a prominent jailbreak developer who has released stuff before.
There is also an AppleMobileFileIntegrity (AMFI) bug patched in iOS 17.5 which can lead to access to user data, a Libsystem bug that can also result in access to protected user data, and several location-disclosing bugs in FindMy, Maps, etc.
There is also a WebKit vulnerability in this log. WebKit bugs have often been used for jailbreaking before, especially as an entry vector. Many jailbreaks used WebKit vulnerabilities to install the jailbreak directly from Safari without a PC.
Final thoughts
The iOS 17.5 security content is pretty massive, containing several powerful kernel vulnerabilities alongside other significant privacy and data-access bugs.
One of these kernel vulnerabilities will surely be released in the form of a Proof Of Concept (PoC) by @R00tkitSMM soon, and it may prove useful for jailbreaking or for updating tools like Misaka, Cowabunga Lite, etc.
For now, I would advise people to stay below iOS 17.5 and not update. If you are looking for a jailbreak, this brings us one step closer, but there is still lots to do, especially for a real jailbreak like Dopamine.