0:00
What's going on YouTube, GeoSn0w right here,
0:02
so in today's video we're discussing
0:04
whether we can update the unc0ver
0:05
jailbreak with the LPE vulnerability
0:08
that was released, and what stands
0:09
between getting the jailbreak updated
0:11
and, of course, waiting for another
0:13
jailbreak. But before we even get into
0:15
that, I would like to announce that iOS
0:17
14.7 betas are no longer signed, which
0:20
means that you can no longer go back to
0:22
14.7 or save blobs. A couple of days
0:25
ago they used to be signing, here on the
0:27
beta, as you can check here on my website
0:28
idevicecentral.com on iOS signing status.
0:31
In here you select your device from the
0:33
list and it will show all the betas and
0:35
all the iOS versions that are currently
0:37
signed. Here are the normal releases and
0:39
here are the betas. A couple of days ago
0:41
iOS 14.7 was still signed in here on the
0:44
beta; I made a video about that at that
0:46
point. However, now it's no longer signed.
0:48
iOS 15 beta is the only beta signed, and
0:51
the 14.7.1 is the only iOS version
0:54
release that is currently signed, none of
0:56
which are good for jailbreak purposes. iOS
0:59
14.7 was good because of Saar Amar's
1:01
vulnerability, which was patched in
1:05
this one that we're also going to talk
1:07
about today. So a lot of people seem to
1:08
ask me on Twitter whether this can be
1:10
used for unc0ver or not. There seems to
1:12
be a lot of confusion on whether we can
1:14
use this for unc0ver or only for PwnMy,
1:18
and many people believe that if it can
1:19
be used for PwnMy it should be usable
1:21
for unc0ver, and that is not actually
1:23
correct. It cannot be used for unc0ver,
1:26
and the reason has nothing to do with
1:28
copyright or DMCA. Many people thought
1:30
that this is the reason, that Saar Amar
1:32
probably doesn't let Pwn20wnd
1:34
use this in their jailbreak, which is not
1:36
correct. Saar Amar did not impose any
1:38
limits on how this can be used or by
1:40
whom, so the unc0ver team would be free
1:42
to use it in their tool. However, it's not
1:44
possible to use it in order to update
1:46
unc0ver for 14.7 and lower, because this
1:49
vulnerability here requires a certain
1:51
entitlement that we cannot get in
1:54
unc0ver. That entitlement is only present
1:56
in web content or Safari, so in order to
1:59
be able to trigger the vulnerability
2:01
here and use it in a jailbreak we would
2:04
need to be able to have that entitlement,
2:06
which we don't have in unc0ver, because
2:08
unc0ver is not Safari; unc0ver is a
2:10
standalone application. So this is the
2:12
reason why PwnMy would work, because
2:14
PwnMy is a Safari-based jailbreak. It's
2:17
a website that you access in Safari and
2:19
you press jailbreak, so it's JavaScript,
2:22
it's code that works in the browser, and
2:24
that way the entitlement is present and
2:27
we will be able to trigger this
2:28
vulnerability here released by Saar Amar,
2:31
which was patched in 14.7.1 but would
2:33
work for 14.7 all the way down to 14.4
2:37
or so. At the same time PwnMy has a
2:39
WebKit exploit, this one in here, released
2:41
by this security researcher in here, and
2:43
this one works on 14.5 and newer, so we
2:47
can pwn Safari in order to be able to
2:49
get this going. However, unc0ver has
2:51
neither. unc0ver is an IPA file, which
2:53
means it is a standalone application in
2:55
itself with no relationship whatsoever
2:58
to Safari or WebKit or web content, so it
3:00
couldn't take advantage of this
3:02
vulnerability if they wanted to. So if
3:04
you want to wait for a jailbreak with
3:06
this vulnerability, at this point PwnMy
3:08
becomes the only option I see in
3:11
the near future, and near future could
3:13
mean anything, could mean weeks, could be
3:14
months. It depends on how fast we can get
3:16
an exploit from this vulnerability.
3:18
Remember that a vulnerability is not an
3:20
exploit. A vulnerability could be used to
3:22
create an exploit, but you still have to
3:24
do some work. Now, admittedly, Saar Amar
3:27
posted everything that we need in here,
3:29
especially the exploitation part. They
3:31
talked about everything that needs to be
3:32
done in order to get arbitrary read and
3:34
write and stuff like that, so all you
3:35
need to know is indeed here; you just
3:37
need a little bit of experience in order
3:39
to put them together. Something else that
3:41
has been posted, and this one can be used
3:43
for unc0ver as well, are the slides
3:45
posted by Pattern-F. Those are the slides
3:47
from the Black Hat USA 2021 which
3:50
contain a lot of great information about
3:53
AMFI, about, you know, bypassing mv and
3:55
stuff like that, kernel heap isolation and
3:57
many other security features introduced
3:59
in iOS 14. Though I do believe that many
4:02
of these things are already known by the
4:04
unc0ver team, that being Pwn20wnd, Sam
4:06
Bingner and many others, because their
4:08
tools do include AMFI bypass, do include
4:11
PAC bypass and so on, so even though they
4:14
are not releasing those for the general
4:16
public, they probably do have this
4:18
information. However, if you are an
4:20
unc0ver user waiting for unc0ver to be
4:22
updated for 14.5, 14.4, 14.6, 14.7, it's
4:27
probably going to take more time, because
4:28
the vulnerability that was released, this
4:30
one here, is usable for PwnMy, which
4:33
would be a jailbreak that doesn't
4:34
require any IPA or applications or
4:36
signing; you just go to Safari, open a
4:39
website, jailbreak, and that's it. This one
4:41
could be updated with that vulnerability,
4:43
but unc0ver can't, because it doesn't
4:45
have the proper entitlement. So I hope
4:47
this makes it clear why unc0ver or even
4:50
Taurine cannot be updated with that
4:51
vulnerability. It's useless for unc0ver
4:53
and Taurine, but it's a gold treasure for
4:56
PwnMy, because Safari has exactly
4:58
that entitlement that we need, and PwnMy
5:00
works directly in Safari. So if you
5:02
are waiting for a jailbreak, your best
5:04
bet will be PwnMy, which is currently
5:06
in development; it's highly work in
5:08
progress by the Manticore team. So thank
5:10
you for watching, I'm GeoSn0w, now till the
5:12
next time, subscribe to stay updated and