0:00
What's going on YouTube, GeoSn0w here.
0:02
So in today's video we're discussing
0:04
the exploit that has been released
0:05
a couple of days ago, what we can use it
0:07
for and of course if it helps for
0:09
jailbreak purposes. This video is brought
0:11
to you by AnyTrans, a software that
0:12
allows you to manage your device,
0:14
transfer your photos, music, videos and so
0:16
on, do proper backups and of course
0:18
transfer the data from a device to
0:19
another. Definitely check it out in the
0:21
link below, it supports iPhone 13 as well.
0:24
So just a couple of days ago the
0:25
Objective-See account here posted that 08Tc3wBB,
0:28
which is a developer in our
0:31
community, gave an intriguing talk on
0:33
kernel exploitation on the new Apple M1
0:36
chip, and of course details about three
0:38
of their vulnerabilities. Now yesterday
0:40
the developer posted this, quote: the
0:41
slides of my presentation, Kernel
0:43
Exploitation on Apple M1 Chip, can be
0:45
found here, and indeed they posted their
0:48
talk in here, which took place at the
0:50
Objective-See conference here. But aside
0:52
from the keynote, or the presentation
0:54
about the AppleAVE2, they also posted
0:56
this exploit PoC, or proof of concept,
0:59
which is the local privilege escalation
1:01
type. Now if you're looking here you can
1:03
find 08Tc3wBB in the Apple security
1:06
content with AVE video encoder, and it
1:09
says here, quote: an application may be
1:11
able to cause unexpected system
1:12
termination or write kernel memory.
1:14
So, pretty interesting one. It has been
1:16
patched on 14.6, which means that it
1:19
would be available for 14.5.1, 14.5,
1:23
14.4.2, 14.4.1 and of course 14.4. So
1:27
pretty good for jailbreak purposes in
1:29
that range. However there is a problem
1:30
with this exploit, and that is the fact
1:32
that it needs to be changed in order to
1:34
be used for jailbreak purposes. Now
1:36
coolstar put it the best. If you go ahead
1:38
here on Discord, coolstar posted an
1:40
announcement a couple of days ago and
1:42
they said, quote: please don't ping me
1:44
about the exploit that dropped today, it
1:46
won't work for jailbreaking iOS in its
1:48
current state as AppleAVE2 isn't
1:50
accessible from the sandbox. It will need
1:53
to be chained with another user space
1:55
exploit similar to ftsb on iOS 13.7, and
1:58
based on that previous exploit chain,
2:00
expect it to only work on A10 or newer
2:03
if a user space exploit also drops. So
2:05
that's possibly the best explanation for
2:07
this exploit here. That's the reason I
2:09
didn't make a video when it dropped, but
2:10
a lot of people asked me about it, so
2:12
yeah, while it's great and it can be used
2:14
for jailbreak purposes, you still need a
2:16
way to make it accessible from the
2:18
sandbox, so it would still need a way to
2:19
be chained. So we can definitely use this,
2:22
however as coolstar said, AppleAVE2 is
2:24
not accessible from the sandbox as it is,
2:27
so on iOS you would still need another
2:29
exploit to chain with this one here.
2:31
However if that happens you would have
2:33
local privilege escalation, which can be
2:35
used indeed for jailbreak purposes. But
2:37
as I said, this has been patched on 14.6,
2:40
so it would only be useful for 14.5.1
2:43
and lower. Still, that would make for a
2:45
pretty useful exploit in my opinion,
2:47
especially for those people. Now as you
2:49
saw coolstar mentioning here, A10 or
2:52
higher, which means that the iPhone 7, 7
2:54
Plus, 8, 8 Plus, X, XS Max, XR, 11, 12
2:58
and so on will all be supported. However
3:00
anything older than that, like the iPhone
3:02
6, 6s and so on, will not. Now the keynote
3:06
itself is actually quite interesting. It
3:08
explains the bug very well, it explains
3:09
the AppleAVE2 and of course how they
3:12
found various vulnerabilities, how they
3:14
work and so on, and of course it goes
3:15
back a couple of years, the various other
3:17
vulnerabilities in the driver. And they
3:19
mentioned an important thing. They
3:21
mentioned that the AppleAVE2 used to
3:23
be only available on iOS and of course
3:25
on the ARM devices like the iPad
3:27
device and so on, and it was of course
3:28
completely closed source and stripped,
3:30
but now with the M1 chip Macs they of
3:33
course have access to this as well,
3:35
making it easier to exploit and of
3:37
course to find bugs. So that's one of the
3:39
reasons people are able to find bugs
3:41
easier in this nowadays. So yeah, both the
3:43
presentation and the proof of concept,
3:45
the code that has been posted, are very
3:47
useful for the jailbreak community as
3:49
knowledge, and this one can even be used
3:51
for jailbreak purposes if chained. But
3:53
for this one to be useful we would still
3:54
need to wait for that part of the chain
3:56
to be released, as coolstar said in
3:58
there, and it likely would only work on
4:00
the iPhone 7 or newer. So that's
4:02
basically it about it. Thank you for
4:04
watching, I am GeoSn0w, until next time.