0:00
What's going on YouTube, GSM right here. So in today's video we're talking about the brand new kernel bug that was released by security researcher brightiup for iOS 15.1, 15.0 and stuff like that.

0:11
This video is brought to you by AnyTrans, software that allows you to drag and drop files directly to your device from your computer. Definitely check it out in the link below. Also, huge thank you to the people who are supporting this channel on patreon.com, you guys rock.

0:23
So as you probably remember, this security researcher brightiup a couple of months ago had a vulnerability that apparently was patched by Apple in 15.2. They posted this picture here back on November 2nd, and as you can see from the picture they basically got kernel reading, right? They managed to perform a read and a write in the kernel memory and even got the slide. So pretty good vulnerability, pretty nice, and they even managed to get it more stable.

0:47
Well, it appears that today they posted this quote, "the zero day of yesterday", and they posted a link to this website here which is partially in Chinese, partially in English, which is basically their vulnerability that they exploited. This is CVE-2021-30955, and if you go ahead and search it here on the security content you can see that it's basically a kernel vulnerability: "a malicious application may be able to execute arbitrary code with kernel privileges", and it's from Kunlun Lab. So that's basically it, this is the vulnerability.

1:17
The information here basically explains what they did in order to exploit it, what they used, you know, what other materials they've used in order to learn how to do this and stuff like that. But there is no proof of concept or exploit attached to this; it's just the vulnerability itself, the bug itself.

1:29
So what this means for unc0ver or for Taurine: well, this means that they cannot take this, like, drag and drop and put it on unc0ver and it would work. It's just a bug, but the bug is not an exploit. You can exploit a bug or a vulnerability and that would create an exploit that would be usable for jailbreak purposes, but not every bug is an exploit. So since this post here doesn't contain any exploit or any source code attached, just basically the information about where the bug is and how to exploit it, Pwn20wnd from unc0ver or CoolStar from the Taurine team would have to basically get this vulnerability in here, follow these instructions and create an exploit for it. While this is not impossible, it would take more time; it's not as easy as dragging and dropping the files into unc0ver and getting it to work.

2:13
So while brightiup did indeed release something, it's not an exploit and it's actually just a vulnerability. While useful, it still means that the unc0ver team needs to work a little bit more in order to turn it into a proper exploit.

2:27
And don't get me wrong, if you go ahead in here on iOS signing status you can see exactly which firmware this will support. Let's say we're going to select iPhone 12 mini and you can see exactly the versions that will be supported: we're talking about 15.0, 15.0.1, 15.0.2, 15.1, 15.1.1, because this was patched in 15.2. It's actually quite a good range, especially since iOS 15.2 beta 1 is still available and it's unknown for the moment whether this has been patched in the first beta of 15.2. It could have been patched only in the release or in the newer betas. You can try that: if you already run 15.2.1 or 15.3 or 15.3.1 you can try to downgrade while it's still signed to the 15.2 beta 1 to see if this bug is still in there. It may or may not be.

3:13
However, yes, this is a wealth of information for a security researcher like Pwn20wnd from the unc0ver team or for CoolStar from the Taurine team, but it's not as straightforward as you may expect because this doesn't contain any source code. So they would have to use these instructions here, which are pretty useful, and they would have to create the exploit themselves, though that shouldn't be a problem for the unc0ver or for the Taurine team if they are interested enough.

3:37
But yeah, that's what brightiup posted. It's not exactly what they demonstrated here in this picture a couple of months ago; here they already had an exploit running. They did not publish the source code for this, they just published the bug itself, and we would have to do the exploit ourselves. So still very useful, but still requires a lot of work from the unc0ver and Taurine team.

3:57
So that's basically it, thank you for watching. This is what's happening currently in the jailbreak community, we'll keep you updated with anything. Until next time, peace out.