Linus Henze, the gifted hacker behind the Fugu15 jailbreak for arm64e units operating iOS & iPadOS 15.0-15.4.1, simply this week shared a proof of idea (PoC) for a safety vulnerability dubbed CVE-2023-28206 that Apple mounted with the discharge of iOS & iPadOS 16.4.1.
Henze introduced his PoC shiny and early Monday morning through Twitter, proven above, the place he linked to a GitHub web page displaying off his methodology and the end result.
CVE-2023-28206 was reported to Apple by Clément Lecigne of Google’s Menace Evaluation Group and Donncha Ó Cearbhaill of Amnesty Worldwide’s Safety Lab. As Apple notes on the safety content material web page for iOS & iPadOS 16.4.1, a firmware replace Apple launched simply final week, the vulnerability includes IOSurfaceAccelerator and will have granted kernel-level arbitrary code execution to any put in app.
Whereas the vulnerability exists in iOS & iPadOS 16.4 and older for the iPhone 8 and later, it’s value mentioning that it’s unlikely to lead to a public jailbreak launch in its personal. That’s as a result of Apple bolstered safety within the newest firmware releases, particularly on newer units, with the likes of PAC and PPL. These further layers of safety require extra bypasses for a jailbreak to operate, which complicates issues and provides fairly a bit extra work for jailbreak builders.
In any case, it’s nonetheless superior to see Henze dropping Easter Eggs once in a while, as they’ve been identified to help the jailbreak group. For instance, TrollStore developer opa334 is now main an effort to make Fugu15 right into a public jailbreak. This effort is at the moment being referred to as Fugu15 Max, but it surely’s anticipated to hold a unique identify by the point it reaches most people exterior of the beta interval.
Anybody fascinated by viewing Linus Henze’s lately launched PoC can head over to his GitHub web page to see extra.
Are you excited to see what turns into of Henze’s newest proof of idea? Make sure you tell us within the feedback part down under.
