0:00
what's going on youtube gs9 here so in
0:02
today's video i have great news for
0:04
those of you waiting for jailbreaks
0:05
for ios 14.7.1 and lower a brand new
0:09
proof of concept for a new vulnerability
0:11
has been released now i talked about
0:13
this vulnerability when it was announced
0:14
a couple of days ago in another video
0:16
and i said that i dm'd the developer and
0:19
they said they will release it and
0:21
finally they did it was released in here
0:24
now the official link is somehow dead it
0:26
doesn't go anywhere anymore but it has
0:28
been saved by people in here and this is
0:30
the full proof of concept which works on
0:32
ios 14.7.1 and lower so the developer
0:36
peterpan0927 in here says quote since
0:39
ios 15 rc or release candidate has been
0:42
released i will drop the poc or proof of
0:44
concept i mentioned a few days ago it
0:47
says new ipc race condition bug
0:49
reachable from sandbox tested machine
0:52
iphone 11 on 14.7.1 and macbook pro on
0:55
11.5.2 and 11.0.1
0:58
here is my proof of concept have a good
1:00
day so as i said the original link
1:02
doesn't go anywhere anymore but you can
1:03
still find it infernal haven't posted in
1:06
here the poc and i was also sent the
1:08
same poc by coronax or area on twitter
1:12
so shout out to them for that so you can
1:13
still find it and it's actually working
1:16
14.7.1 which surprisingly if you check
1:19
here on my website idevicecentral.com
1:21
it's still signed so if you want to
1:22
check what ios versions are signed you
1:24
go here to idevicecentral.com ios signing
1:27
status select your device from the
1:28
listing here and you will see exactly
1:30
which betas are currently signed and
1:32
which normal ios versions the stable
1:34
ones are currently signed and if you
1:36
press on their build number you can get
1:37
the ipsw can download it and restore it
1:40
so right now you can see 14.7.1
1:42
is signed however peterpan0927's bug works
1:45
on 14.7.1 and lower seems to have been
1:48
patched on ios 15 rc so it might work
1:51
even on 14.8 i don't know but that's
1:53
actually great because you can see that
1:55
this vulnerability is reachable from the
1:57
sandbox that's an important thing for
1:59
jailbreak purposes however this
2:00
vulnerability isn't exactly a kernel
2:02
exploit yet it's not a tfp0 kernel
2:05
exploit tfp0 has been dead in ios 14
2:08
for quite some time so yeah we use
2:09
different methods nowadays but still the
2:11
code is important because it does show a
2:14
very good vulnerability on ios 14.7.1
2:17
which again is signed now if you want to
2:19
test it on ios you can basically create
2:21
a new application like i did in here
2:22
paste the code into the view controller
2:24
and make sure to call the function i
2:26
would actually rename it because it's
2:28
called main and it may not compile but
2:30
one important thing is that you would
2:32
have to paste the content of the mach_vm
2:34
header into another file and import it
2:36
into your project for some reason xcode
2:38
doesn't let me import mach_vm into an ios
2:41
application so yeah if you want to test
2:42
it on ios you can definitely do so the
2:44
poc will be available down below in the
2:47
description and it's going to be the
2:48
link for this file here however being a
2:50
proof of concept it means that it's not
2:51
a full exploit it doesn't really grant
2:53
you any privileges it just triggers the
2:56
bug so this can be exploited by a
2:58
developer for example the developer
2:59
behind unc0ver or Taurine or the
3:01
benticore team but it's not as
3:03
straightforward and as easy as it sounds
3:05
from a vulnerability poc to an exploit
3:08
it's actually a ton of work so what
3:10
they've released in here is not exactly
3:11
useful for jailbreak purposes as it is
3:13
it's a great bug but it still needs a
3:15
proper exploit by somebody who knows to
3:18
do that kind of stuff so i guess we're
3:19
going to see if it's going to be used in
3:21
a jailbreak or not but yeah the
3:22
vulnerability works on 14.7.1 and lower
3:25
so it would make for a good exploit if
3:27
it is indeed exploited in a jailbreak
3:29
but to be honest if you're waiting for
3:31
unc0ver or for Taurine on 14.6 and so on
3:34
you should definitely be waiting for
3:35
Linus Henze's demo here which i talked
3:38
about a couple of days ago and it's a
3:39
fully untethered jailbreak with Sileo
3:42
and everything based on their
3:43
vulnerabilities that they found and this
3:45
one contains a kernel vulnerability and
3:47
untether and so on so i talked to linus
3:49
Henze and they said that they're going
3:51
to likely release this at the end of
3:53
october with a poc and CoolStar
3:55
confirmed that they're going to make
3:56
Taurine untethered once they figure out
3:58
how to exploit this vulnerability they
4:00
apparently already know what bug has
4:02
been used in this video here so they
4:04
will likely try to exploit it and create
4:06
an untethered Taurine so yeah that's
4:08
definitely a better vulnerability than
4:10
this one in here but this one also would
4:11
do if it's being exploited since it is
4:13
indeed reachable from the sandbox so
4:16
thank you for watching we'll keep you
4:17
updated with anything that's going on in
4:18
the jailbreak community until the next