Yesterday’s iOS 15.0.2 release fixes a vulnerability in IOMobileFrameBuffer, that could have caused app executing arbitrary code with kernel-level privileges due to memory corruption.
Soon after the release of iOS 15.0.2 software update that patches the said vulnerability, a write up by security researcher Saar Amar detailing the proof of concept (PoC) for it was published online.
While the mention of executing arbitrary code with kernel-level privileges would have been enough to get any jailbreak enthusiast excited, even Amar has mentioned that this vulnerability is great for jailbreaks. Here’s an excerpt from his detailed write mentioning exactly this.
This attack surface is highly interesting because it’s accessible from the app sandbox (so it’s great for jailbreaks) and many other processes, making it a good candidate for LPEs exploits in chains (WebContent, etc.).
– Saar Amar
Soon after this discovery it became apparent that even though Apple has closed the IOMobileFrameBuffer vulnerability, it can still be used to develop a jailbreak for devices running iOS 14.3 or later, including iOS 15.0 and iOS 15.0.1.
In fact a write up on /r/jailbreak explains how this very vulnerability can be utilized to develop a semi-untethered jailbreak for iOS 15.0.1 and iPadOS 15.0.1. If this happens, then it will be the very first jailbreak for iOS 15 and the newly released iPhone 13 models.
With this iOS 15.0.1 vulnerability being out in the open, it is up to developers of unc0ver and Taurine jailbreaks to come forward and use this exploit to develop an iOS 14.4 or later jailbreak with iOS 15 support, something that won’t be an easy feat to say the least.
While we do not have any confirmation or commitment from major jailbreak teams for developing an iOS 15 jailbreak on this or any other vulnerability, it is worth noting that anyone who is interested in jailbreaking iOS 15 should stay on iOS 15.0.1 or lower.
Apple is still signing iOS 15.0.1, so if you have already upgraded to iOS 15.0.2 or iPadOS 15.0.2 you still have the chance to downgrade, however it won’t be long until Apple closes the signing window for iOS 15.0.1, as it already has for iOS 15.0 and iOS 14.8.
