0:00
What's going on YouTube, GeoSn0w right here. So in today's video I have great news for those of you waiting for a jailbreak on iOS 15. So a brand new kernel exploit has been achieved. Now Justin Sherman, a security researcher, has posted just a couple of hours ago, quote, "15.2, bad success rate due to recent mitigations though". So they posted a picture here, and this picture actually tells a thousand words. You can see in this picture basically an output from their exploit, probably in Xcode, and it shows the kernel version string for iOS 15.2, which does check out. And by the way, iOS 15.2 is currently the latest version available and signed, so this is indeed pretty massive.

0:38
And then they show basically their setup for the exploit, you know, building the early primitives and getting the task struct address and stuff like that, proc struct address, credentials, and whatever those are part of the exploit itself. Then they are able to calculate the kernel slide. Once you're able to calculate the kernel slide with your exploit, it means that you broke the KASLR, or kernel address space layout randomization, which is one of Apple's security features. If you break that, it means that you know where functions are, at which address they can be found. If you know at which address they can be found, you can modify them later on. And while the code, the functions themselves, are actually protected now by KPP and KTRR and stuff like that, because it's the static code that never changes, the variables are not, and thus you can basically modify your credentials, because those are variables, and you can get root and apply various other patches to create a full jailbreak. So once you broke ASLR, it's basically game over at that point; it's just a small step in order to do, you know, proper patches for a jailbreak.

1:41
Then they get the kernel base in here. Now the kernel base is important, but not right now, not for jailbreak purposes; at this point it's just for demonstration here. But then they say "build full kernel read and write primitives". At that point you do have full control over the kernel. Once you're able to write and read arbitrary addresses on the kernel, it means you can apply patches to the sandbox, to the root, to credentials and stuff like that, so you can make the kernel do what you want and basically build a jailbreak. And then they perform a couple of dumps of the kernel memory, and that indeed is correct: they dump the kernel, the regions of the Mach-O binary and stuff like that, so everything looks okay there.

2:19
Now, can this be used for unc0ver? Of course it definitely can. The only problem I can see here for jailbreak purposes would be the bad success rate because of the recent mitigations. Now that doesn't mean it wouldn't work for a jailbreak; it means that your jailbreak will probably take a couple of tries before it would start jailbreaking. We had this in the past with the vss exploit and many others by Ian Beer. Not every single exploit in history was a perfectly stable one; we had bad exploits in the past, we'll learn to live with it. So this can indeed be used for unc0ver, and history shows that the unc0ver team usually works with the security researchers like Justin Sherman and, you know, Pattern F and stuff like that in the background before they even release those exploits to the public. For example, the exploit that is currently used in the 14.8 jailbreak that was released a couple of weeks ago by unc0ver out of the blue: this exploit is not even public yet. Pattern F is credited for the exploit, but Pattern F did not release this publicly; they gave it privately to unc0ver. So it's possible that this would happen again with Justin Sherman's exploit once iOS 15.2 is no longer signed. Right now this exploit is zero-day.

3:26
Now they mention a lot of mitigations, and that is correct. iOS 15.2 is packed with a lot of patches for various vulnerabilities, thus making things a little bit harder to exploit, but not impossible, as you can see from here. So yeah, I would definitely advise you to stay as low as possible on iOS 15. Do not update; 15.2 is a bad idea. Even though this works on 15.2, it's always the best to stay as low as possible, because you never know what other issue is in there. If you're on 14.8 or 14.3 or 14.4 or 14.6 or any other 14 version, for god's sake do not update to 15. I've had this issue in the past with people not understanding what I'm telling them, to not update. They kept on updating, and once a jailbreak was released they blamed me for not telling them not to update, which of course I always say: do not update. But some people would never learn. So yeah, definitely do not update to 15.2, even if this supports 15.2.

4:22
But yeah, a new kernel exploit, good for jailbreaking, and of course, if history is anything to go by, unc0ver will probably put their hands on this before it gets released to the public, which is definitely great. Thank you for watching, I'm GeoSn0w, till next time. Subscribe to stay updated, and peace.